diff options
| author | Senthil Kumaran <senthil@uthcode.com> | 2021-04-29 17:16:50 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-04-29 17:16:50 (GMT) |
| commit | 76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 (patch) | |
| tree | 9a68f606c0d7a11720853a4acaf2b61d718061ac /Lib/test/test_urlparse.py | |
| parent | 14fc2bdfab857718429029e53ceffca456178827 (diff) | |
| download | cpython-76cd81d60310d65d01f9d7b48a8985d8ab89c8b4.zip cpython-76cd81d60310d65d01f9d7b48a8985d8ab89c8b4.tar.gz cpython-76cd81d60310d65d01f9d7b48a8985d8ab89c8b4.tar.bz2 | |
bpo-43882 - urllib.parse should sanitize urls containing ASCII newline and tabs. (GH-25595)
* issue43882 - urllib.parse should sanitize urls containing ASCII newline and tabs.
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Diffstat (limited to 'Lib/test/test_urlparse.py')
| -rw-r--r-- | Lib/test/test_urlparse.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py index c543ac9..67341fe 100644 --- a/Lib/test/test_urlparse.py +++ b/Lib/test/test_urlparse.py @@ -612,6 +612,35 @@ class UrlParseTestCase(unittest.TestCase): with self.assertRaisesRegex(ValueError, "out of range"): p.port + def test_urlsplit_remove_unsafe_bytes(self): + # Remove ASCII tabs and newlines from input + url = "http://www.python.org/java\nscript:\talert('msg\r\n')/#frag" + p = urllib.parse.urlsplit(url) + self.assertEqual(p.scheme, "http") + self.assertEqual(p.netloc, "www.python.org") + self.assertEqual(p.path, "/javascript:alert('msg')/") + self.assertEqual(p.query, "") + self.assertEqual(p.fragment, "frag") + self.assertEqual(p.username, None) + self.assertEqual(p.password, None) + self.assertEqual(p.hostname, "www.python.org") + self.assertEqual(p.port, None) + self.assertEqual(p.geturl(), "http://www.python.org/javascript:alert('msg')/#frag") + + # Remove ASCII tabs and newlines from input as bytes. + url = b"http://www.python.org/java\nscript:\talert('msg\r\n')/#frag" + p = urllib.parse.urlsplit(url) + self.assertEqual(p.scheme, b"http") + self.assertEqual(p.netloc, b"www.python.org") + self.assertEqual(p.path, b"/javascript:alert('msg')/") + self.assertEqual(p.query, b"") + self.assertEqual(p.fragment, b"frag") + self.assertEqual(p.username, None) + self.assertEqual(p.password, None) + self.assertEqual(p.hostname, b"www.python.org") + self.assertEqual(p.port, None) + self.assertEqual(p.geturl(), b"http://www.python.org/javascript:alert('msg')/#frag") + def test_attributes_bad_port(self): """Check handling of invalid ports.""" for bytes in (False, True): |