[3.9] bpo-43882 Remove the newline, and tab early. From query and fragments. #25853
Conversation
orsenthil
changed the title
Lib/test/test_urlparse.py
Outdated
| @@ -614,32 +614,40 @@ def test_urlsplit_attributes(self): | |||
|
|
|||
| def test_urlsplit_remove_unsafe_bytes(self): | |||
| # Remove ASCII tabs and newlines from input | |||
| url = "http://www.python.org/java\nscript:\talert('msg\r\n')/#frag" | |||
| url = "http\t://www.python.org/java\nscript:\talert('msg\r\n')/?query\n=\tsomething#frag\nment" | |||
There was a problem hiding this comment.
i suggest also adding a \r in the middle of the netloc for good measure. www.python\r.org perhaps?
|
When you're done making the requested changes, leave the comment: |
|
fwiw this PR is against 3.9. i assume you'll "backport to main and 3.10" once those aren't actively being release branched and renamed? |
Yes, exactly. I wanted to time window to be utilized for 3.9 and 3.8. |
|
@orsenthil: Please replace |
|
|
||
| for b in _UNSAFE_URL_BYTES_TO_REMOVE: | ||
| url = url.replace(b, "") | ||
| scheme = scheme.replace(b, "") |
There was a problem hiding this comment.
According to the typeshed, the scheme argument to urlparse is Optional. However, with this change, a value of None will result in an error like:
AttributeError: 'NoneType' object has no attribute 'replace'
I'm not sure whether the typeshed is wrong or if this line should be guarded with if scheme is not None, but we should definitely fix one or the other and perhaps improve the documentation on this option.
Thanks to @branchvincent for doing the digging and reporting this issue to me.
Based on the review comment #25726 (review)
Moving the fix for removing newline and tabs early to include both query strings and fragments, (Entire URL).
https://bugs.python.org/issue43882