git.ipfire.org Git - thirdparty/Python/cpython.git/commit

]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit

projects / thirdparty / Python / cpython.git / commit

author	Alex Gaynor <alex.gaynor@gmail.com>
	Fri, 15 Nov 2024 23:09:05 +0000 (18:09 -0500)
committer	GitHub <noreply@github.com>
	Fri, 15 Nov 2024 23:09:05 +0000 (18:09 -0500)
commit	d6bcc154e93a0a20ab97187d3e8b726fffb14f8f
tree	6c1943b1e4e44e5cdfff45ecb2557a48e2445db5	tree \| snapshot
parent	94a7a4e22fb8f567090514785c69e65298acca42	commit \| diff

Added a warning to the urljoin docs, indicating that it is not safe to use with attacker controlled URLs (GH-126659)

This was flagged to me at a party today by someone who works in red-teaming as a frequently encountered footgun. Documenting the potentially unexpected behavior seemed like a good place to start.

Doc/library/urllib.parse.rst

diff | blob | blame | history

Mirror of https://github.com/python/cpython.git

RSS Atom