[issue11662] Redirect vulnerability in urllib/urllib2
Senthil Kumaran
report at bugs.python.org
Thu Mar 24 16:09:30 CET 2011
Senthil Kumaran <orsenthil at gmail.com> added the comment:
>> HTTPRedirectHandler behaviour can be changed
>> to only allow redirects to HTTP, HTTPS and FTP by checking the scheme
>> of the location URL (this seems to be a common practise in browsers)
This would be the way to go.
----------
nosy: +orsenthil
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11662>
_______________________________________
More information about the Python-bugs-list
mailing list