git.ipfire.org Git - thirdparty/Python/cpython.git/commit
gh-137586: Open external osascript program with absolute path (GH-137584)
author Fionn <1897918+fionn@users.noreply.github.com>
Mon, 6 Apr 2026 16:42:10 +0000 (00:42 +0800)
committer GitHub <noreply@github.com>
Mon, 6 Apr 2026 16:42:10 +0000 (09:42 -0700)
commit a0c57a8d17eb0f5c4e620d83a13a47cf4d85e76f
tree a50ee793cf024ab4e58ce0e4bc0d056e5b63f2fc
parent 3d724dd9149068ec9c335262d81d410a564d3598
Open web browser with absolute path

On macOS, web browsers are opened via popen calling osascript. However,
if a user has a colliding osascript executable earlier in their PATH,
this may fail or cause unwanted behaviour.

Depending on one's environment or level of paranoia, this may be considered a security vulnerability.

Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Lib/test/test_webbrowser.py
Lib/turtledemo/__main__.py
Lib/webbrowser.py
Misc/NEWS.d/next/macOS/2025-10-17-01-07-03.gh-issue-137586.kVzxvp.rst [new file with mode: 0644]
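
The PATH collision the commit message describes can be audited with a short check. This is an added example, not code from this commit or from CPython: it lists every executable that a bare-name lookup would reach before the trusted binary. The helper names are hypothetical, `/usr/bin/osascript` is assumed to be the standard macOS location, and the demo uses constructed stand-in files in a temporary directory.

```python
import os
import tempfile

TRUSTED_OSASCRIPT = "/usr/bin/osascript"  # assumption: standard macOS location


def resolution_order(name, path_env):
    """Return every executable called `name` on path_env, in lookup order."""
    hits = []
    for entry in path_env.split(os.pathsep):
        directory = entry or os.curdir  # an empty PATH entry means the current directory
        candidate = os.path.join(directory, name)
        # Treat a regular file with any execute bit set as a lookup hit.
        if os.path.isfile(candidate) and os.stat(candidate).st_mode & 0o111:
            hits.append(candidate)
    return hits


def shadowing_candidates(name, trusted, path_env):
    """Executables a bare-name lookup would pick before `trusted`."""
    trusted_real = os.path.realpath(trusted)
    shadows = []
    for candidate in resolution_order(name, path_env):
        if os.path.realpath(candidate) == trusted_real:
            break  # everything after the trusted binary is never reached
        shadows.append(candidate)
    return shadows


def demo():
    """Constructed sample: two directories that each hold an 'osascript' file."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("user_bin", "system_bin"):
            os.mkdir(os.path.join(root, sub))
            stand_in = os.path.join(root, sub, "osascript")
            with open(stand_in, "w") as handle:
                handle.write("#!/bin/sh\n")
            os.chmod(stand_in, 0o755)
        user_bin = os.path.join(root, "user_bin")
        system_bin = os.path.join(root, "system_bin")
        trusted = os.path.join(system_bin, "osascript")
        risky = shadowing_candidates("osascript", trusted, user_bin + os.pathsep + system_bin)
        clean = shadowing_candidates("osascript", trusted, system_bin + os.pathsep + user_bin)
        return ([os.path.basename(os.path.dirname(p)) for p in risky], clean)


if __name__ == "__main__":
    print(demo())
    print(shadowing_candidates("osascript", TRUSTED_OSASCRIPT, os.environ.get("PATH", "")))
```

A non-empty result for the real `PATH` means a bare `osascript` invocation would run something other than the trusted binary, which is the case an absolute path avoids.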