[Python-Dev] bug in urlparse

jepler@unpythonic.net jepler at unpythonic.net
Mon Sep 5 01:38:08 CEST 2005

According to RFC 2396[1] section 5.2:

      g) If the resulting buffer string still begins with one or more
         complete path segments of "..", then the reference is
         considered to be in error.  Implementations may handle this
         error by retaining these components in the resolved path (i.e.,
         treating them as part of the final URI), by removing them from
         the resolved path (i.e., discarding relative levels above the
         root), or by avoiding traversal of the reference.

If I read this right, it explicitly allows the urlparse.urljoin behavior
("handle this error by retaining these components in the resolved path").

Also see C.2. Abnormal Examples.

   In practice, some implementations strip leading relative symbolic
   elements (".", "..") after applying a relative URI calculation, based
   on the theory that compensating for obvious author errors is better
   than allowing the request to fail.  Thus, the above two references
   will be interpreted as "http://a/g" by some implementations.

[1] http://www.faqs.org/rfcs/rfc2396.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.python.org/pipermail/python-dev/attachments/20050904/08f66318/attachment.pgp

More information about the Python-Dev mailing list