[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator
STINNER Victor
report at bugs.python.org
Wed Jan 20 10:17:28 EST 2021
STINNER Victor <vstinner at python.org> added the comment:
> Python implementation obeys contemporary standards
The contemporary standard is HTML5 and HTML5 asks to only split at "&", no?
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42967>
_______________________________________
More information about the Python-bugs-list
mailing list