Host value does not get escaped correctly #71

Closed
nvie opened this issue Apr 28, 2016 · 2 comments


nvie commented Apr 28, 2016

The host property can be assigned an evil value that breaks the URL parsing and leads to furl outputting invalid URLs.

Steps to replicate

Values assigned to the host property don't get escaped correctly:

>>> u = furl('https://user:pass@myhost.com/path/goes/here')
>>> u.host = 'evil:hahaha@haxx0r.com'
>>> str(u)
'https://user:pass@evil:hahaha@haxx0r.com/path/goes/here'

Trying to parse this value with furl again leads to an error now:

>>> furl(str(u))
...
ValueError: Invalid port: 'hahaha@haxx0r.com'

Expected result

Either escape the value for the host property, or throw an error if this is impossible (i.e. even escaped chars are not allowed).

Actual result

A URL that's broken and ends up not being a valid URL.


gruns commented May 19, 2016

Awesome find.

Fixed in furl v0.4.95, where a ValueError is raised if the host is egregiously invalid.

>>> import furl
>>> furl.__version__
'0.4.95'
>>> from furl import furl
>>> f = furl('https://user:pass@myhost.com/path/goes/here')
>>> f.host = 'evil:hahaha@haxx0r.com'
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/furl/furl.py", line 1291, in __setattr__
    object.__setattr__(self, attr, value)
  File "/usr/local/lib/python2.7/dist-packages/furl/furl.py", line 930, in host
    raise ValueError(errmsg % host)
ValueError: Invalid host 'evil:hahaha@haxx0r.com'. Host strings must only contain [\.\-a-zA-Z0-9] and can't have adjacent periods.

Upgrade with pip install furl -U.

Thank you for the thorough, detailed Issue and bringing this bug to my attention, Vincent. Don't hesitate to let me know if there's anything else I can do for you.

@gruns gruns closed this as completed May 19, 2016
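The two comments above describe the whole defect: a host string containing ':' or '@' is spliced into the netloc verbatim, so the URL re-parses with a different userinfo/host split than the one the caller intended, and the maintainer's fix rejects hosts that are not limited to [\.\-a-zA-Z0-9] without adjacent periods. The following is an added example, not furl's code, that restates that rule as a validator, shows the naive splice failing a round-trip check, and shows a host setter built on the standard library's urllib.parse that refuses such values. The regex, the function names and the round-trip check are this example's own choices; the only facts taken from the thread are the host rule and the sample URLs.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Restatement of the rule quoted in the maintainer's comment (assumption: this
# regex is our own, not furl's exact source): only [.\-a-zA-Z0-9], no "..".
_HOST_RE = re.compile(r'^[.\-a-zA-Z0-9]+$')


def is_valid_host(host):
    """True if `host` passes the fixed furl rule: allowed characters only,
    non-empty, and no two adjacent periods."""
    if not host or not _HOST_RE.match(host):
        return False
    return '..' not in host


def naive_set_host(url, host):
    """The pre-fix behaviour: splice the new host into the netloc with no
    validation. Kept here only so the round-trip check below can show why
    that is unsafe."""
    p = urlsplit(url)
    userinfo, sep, _ = p.netloc.rpartition('@')
    netloc = (userinfo + sep) + host
    return urlunsplit((p.scheme, netloc, p.path, p.query, p.fragment))


def host_round_trips(url, host):
    """Detection check: after building the URL, does a fresh parse still see
    exactly the host we meant to set? urlsplit().hostname is lower-cased,
    so compare case-insensitively."""
    return urlsplit(url).hostname == host.lower()


def set_host(url, host):
    """Replace the host of `url`, rejecting values that would change how the
    URL parses (the fix described in the thread), and rebuilding the netloc
    from the parsed pieces rather than by string splicing."""
    if not is_valid_host(host):
        raise ValueError(
            "Invalid host %r. Host strings must only contain [\\.\\-a-zA-Z0-9] "
            "and can't have adjacent periods." % host)
    p = urlsplit(url)
    netloc = host
    if p.port is not None:
        netloc += ':%d' % p.port
    if p.username is not None:
        cred = p.username
        if p.password is not None:
            cred += ':' + p.password
        netloc = cred + '@' + netloc
    new_url = urlunsplit((p.scheme, netloc, p.path, p.query, p.fragment))
    # Belt and braces: even a host that passed the regex must survive re-parsing.
    if not host_round_trips(new_url, host):
        raise ValueError("host %r did not survive a parse round trip" % host)
    return new_url


if __name__ == '__main__':
    # Sample URL and hostile host value taken from the issue text.
    url = 'https://user:pass@myhost.com/path/goes/here'
    evil = 'evil:hahaha@haxx0r.com'

    broken = naive_set_host(url, evil)
    print(broken)                              # userinfo/host boundary has moved
    print(host_round_trips(broken, evil))      # False: parser now sees haxx0r.com

    print(set_host(url, 'example.org'))        # rebuilt with credentials intact
    try:
        set_host(url, evil)
    except ValueError as e:
        print('rejected:', e)
```

The round-trip check is the part worth keeping even in code that already validates: it catches any host value the regex lets through but that the consumer's parser still interprets differently, which is the property that actually matters downstream.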

nvie commented May 19, 2016

Thanks for the fix!
