[3.13] Added a warning to the urljoin docs, indicating that it is not safe to use with attacker controlled URLs (GH-126659) (#126888)
Added a warning to the urljoin docs, indicating that it is not safe to use with attacker controlled URLs (GH-126659)
This was flagged to me at a party today by someone who works in red-teaming as a frequently encountered footgun. Documenting the potentially unexpected behavior seemed like a good place to start.
(cherry picked from commit
d6bcc154e93a0a20ab97187d3e8b726fffb14f8f)
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
projects / thirdparty / Python / cpython.git / commit
