[Python-Dev] bug in urlparse
jepler@unpythonic.net
jepler at unpythonic.net
Mon Sep 5 01:38:08 CEST 2005
According to RFC 2396[1] section 5.2:
g) If the resulting buffer string still begins with one or more
complete path segments of "..", then the reference is
considered to be in error. Implementations may handle this
error by retaining these components in the resolved path (i.e.,
treating them as part of the final URI), by removing them from
the resolved path (i.e., discarding relative levels above the
root), or by avoiding traversal of the reference.
If I read this right, it explicitly allows the urlparse.urljoin behavior
("handle this error by retaining these components in the resolved path").
Also see C.2. Abnormal Examples.
In practice, some implementations strip leading relative symbolic
elements (".", "..") after applying a relative URI calculation, based
on the theory that compensating for obvious author errors is better
than allowing the request to fail. Thus, the above two references
will be interpreted as "http://a/g" by some implementations.
Jeff
[1] http://www.faqs.org/rfcs/rfc2396.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.python.org/pipermail/python-dev/attachments/20050904/08f66318/attachment.pgp
More information about the Python-Dev
mailing list