[issue11662] Redirect vulnerability in urllib/urllib2
STINNER Victor
report at bugs.python.org
Thu Mar 24 16:38:04 CET 2011
STINNER Victor <victor.stinner at haypocalc.com> added the comment:
c6a4d267fe88.diff: This patch doesn't explain why other scheme are not allowed. I like Guido's comment:
# For security reasons we do not allow redirects to protocols
# other than HTTP or HTTPS.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11662>
_______________________________________
More information about the Python-bugs-list
mailing list