[New-bugs-announce] [issue46870] Improper Input Validation in urlparse

Pocas report at bugs.python.org
Sat Feb 26 20:12:03 EST 2022

New submission from Pocas <pocas.cyber at gmail.com>:

If http:@localhost url is entered as an argument value of the urlpasre() function, the parser cannot parse it properly. Since http:@localhost is a valid URL, the character after the @ character must be parsed as a hostname.

Python 3.9.10 (main, Jan 15 2022, 11:48:04)
[Clang 13.0.0 (clang-1300.0.29.3)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from urllib.parse import urlparse
>>> print(urlparse('http:@localhost'))
ParseResult(scheme='http', netloc='', path='@localhost', params='', query='', fragment='')

messages: 414132
nosy: P0cas
priority: normal
severity: normal
status: open
title: Improper Input Validation in urlparse
type: performance
versions: Python 3.9

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list