Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gh-105704: Disallow IPv6 URLs with invalid prefix/suffix #111261

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

gh-105704: Disallow IPv6 URLs with invalid prefix/suffix #111261

wants to merge 2 commits into from
+42 −17

Conversation

bcail
Copy link

@bcail bcail commented Oct 24, 2023
edited by bedevere-app bot

@cpython-cla-bot
Copy link

cpython-cla-bot bot commented Oct 24, 2023
edited

The following commit authors need to sign the Contributor License Agreement:

Click the button to sign:
CLA not signed

@bedevere-app bedevere-app bot mentioned this pull request Oct 24, 2023
Open
@bedevere-app
Copy link

bedevere-app bot commented Oct 24, 2023

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

@pschoen-itsc
Copy link

@bcail Would it be possible to also add a test case for having a bracket in the username / password? Because this is case where the current implementation fails for me, but it should work according to the referenced spec.

@bcail
Copy link
Author

bcail commented Oct 24, 2023

@pschoen-itsc Sure, if there's consensus. What about this comment? Doesn't that comment argue that the spec says that brackets in the username/password should be percent-encoded?

@pschoen-itsc
Copy link

pschoen-itsc commented Oct 24, 2023
edited

@bcail There was a breaking change which wasn't covered by the tests. So at least we should habe tests which cover the spec (not the "faulty" implementation before 3.11.4).
Just my opinion.

(Edited because to stupid to read...)

@bcail
Copy link
Author

bcail commented Oct 24, 2023

Here's the description of what characters should be encoded in user info.

Looks like we don't currently check for characters (like [) that must be percent-encoded, and we don't decode them - the username and password are just left however they come in.

@orsenthil Do we want to add some checking for characters that weren't properly encoded, and should we decode the encoded characters in the username/password?

@bedevere-app
Copy link

bedevere-app bot commented Oct 24, 2023

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

@bcail
Copy link
Author

bcail commented Oct 24, 2023

I also just pushed a commit that adds the checking for bytes URLs as well.

@bedevere-app
Copy link

bedevere-app bot commented Jan 25, 2024

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

@gpshead gpshead self-assigned this Jan 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@gpshead gpshead

Labels
awaiting review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@bcail @pschoen-itsc @gpshead