summaryrefslogtreecommitdiffstats
path: root/Lib/test/test_urlparse.py
Commit message (Collapse)AuthorAgeFilesLines
* [3.10] [3.11] gh-102153: Start stripping C0 control and space chars in ↵Miss Islington (bot)2023-05-171-1/+60
| | | | | | | | | | | | | | | | | | | | | | `urlsplit` (GH-102508) (GH-104575) (#104592) gh-102153: Start stripping C0 control and space chars in `urlsplit` (GH-102508) `urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit GH-25595. This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/GH-url-parsing:~:text=Remove%20any%20leading%20and%20trailing%20C0%20control%20or%20space%20from%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329). I simplified the docs by eliding the state of the world explanatory paragraph in this security release only backport. (people will see that in the mainline /3/ docs) --------- (cherry picked from commit 2f630e1ce18ad2e07428296532a68b11dc66ad10) (cherry picked from commit 610cc0ab1b760b2abaac92bd256b96191c46b941) Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Co-authored-by: Illia Volochii <illia.volochii@gmail.com> Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
* gh-96035: Make urllib.parse.urlparse reject non-numeric ports (GH-98273)Miss Islington (bot)2022-10-201-3/+7
| | | | | | Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com> (cherry picked from commit 6f15ca8c7afa23e1adc87f2b66b958b721f9acab) Co-authored-by: Ben Kallus <49924171+kenballus@users.noreply.github.com>
* bpo-43882 Remove the newline, and tab early. From query and fragments. ↵Miss Islington (bot)2021-05-051-8/+16
| | | | | (GH-25936) (cherry picked from commit 985ac016373403e8ad41f8d563c4355ffa8d49ff)
* bpo-43882 - urllib.parse should sanitize urls containing ASCII newline and ↵Senthil Kumaran2021-04-291-0/+29
| | | | | | | | tabs. (GH-25595) * issue43882 - urllib.parse should sanitize urls containing ASCII newline and tabs. Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* bpo-42967: coerce bytes separator to string in urllib.parse_qs(l) (#24818)Ken Jin2021-04-111-0/+4
| | | | | | | * coerce bytes separator to string * Add news * Update Misc/NEWS.d/next/Library/2021-03-11-00-31-41.bpo-42967.2PeQRw.rst
* bpo-42967: only use '&' as a query string separator (#24297)Adam Goldschmidt2021-02-141-22/+46
| | | | | | | | | | | bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl(). urllib.parse will only us "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument seperator with default value "&" is added to specify the separator. Co-authored-by: Éric Araujo <merwok@netwok.org> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com> Co-authored-by: Éric Araujo <merwok@netwok.org>
* bpo-27657: Fix urlparse() with numeric paths (#661)Tim Graham2019-10-181-4/+6
| | | | | | | | | | * bpo-27657: Fix urlparse() with numeric paths Revert parsing decision from bpo-754016 in favor of the documented consensus in bpo-16932 of how to treat strings without a // to designate the netloc. * bpo-22891: Remove urlsplit() optimization for 'http' prefixed inputs.
* bpo-36742: Corrects fix to handle decomposition in usernames (#13812)Steve Dower2019-06-041-5/+6
|
* bpo-35397: Remove deprecation and document urllib.parse.unwrap (GH-11481)Rémi Lapeyre2019-05-271-8/+4
|
* bpo-36742: Fixes handling of pre-normalization characters in urlsplit() ↵Steve Dower2019-04-301-0/+6
| | | | (GH-13017)
* bpo-36216: Add check for characters in netloc that normalize to separators ↵Steve Dower2019-03-071-0/+23
| | | | (GH-12201)
* bpo-35202: Remove unused imports in tests. (GH-10561)Srinivas Thatiparthy (శ్రీనివాస్ తాటిపర్తి)2018-11-161-1/+0
|
* bpo-34866: Adding max_num_fields to cgi.FieldStorage (GH-9660)matthewbelisle-wf2018-10-191-0/+7
| | | | Adding `max_num_fields` to `cgi.FieldStorage` to make DOS attacks harder by limiting the number of `MiniFieldStorage` objects created by `FieldStorage`.
* bpo-27485: Change urlparse tests to use private methods. (GH-7070)Cheryl Sabella2018-06-031-12/+12
|
* bpo-27485: Rename and deprecate undocumented functions in urllib.parse (GH-2205)Cheryl Sabella2018-04-251-1/+87
|
* bpo-33034: Improve exception message when cast fails for ↵Matt Eaton2018-03-201-0/+10
| | | | {Parse,Split}Result.port (GH-6078)
* bpo-32323: urllib.parse.urlsplit() must not lowercase() IPv6 scope value (#4867)Коренберг Марк2017-12-211-0/+9
|
* urllib: Simplify splithost by calling into urlparse. (#1849)postmasters2017-06-201-12/+39
| | | | | | | | The current regex based splitting produces a wrong result. For example:: http://abc#@def Web browsers parse that URL as ``http://abc/#@def``, that is, the host is ``abc``, the path is ``/``, and the fragment is ``#@def``.
* correct parse_qs and parse_qsl test case descriptions. (#968)Senthil Kumaran2017-04-051-6/+6
| | | * correct parse_qs and parse_qsl test case descriptions.
* Issue #25895: Merge from 3.5Berker Peksag2016-09-161-0/+2
|\
| * Issue #25895: Enable WebSocket URL schemes in urllib.parse.urljoinBerker Peksag2016-09-161-0/+2
| | | | | | | | Patch by Gergely Imreh and Markus Holtermann.
* | merge 3.5Senthil Kumaran2016-04-161-2/+53
|\ \ | |/ | | | | | | issue26775 - Improve test coverage for urllib.parse Patch contributed by Luiz Poleto.
| * issue26775 - Improve test coverage for urllib.parseSenthil Kumaran2016-04-161-2/+53
| | | | | | | | Patch contributed by Luiz Poleto.
* | Issue #20059: urllib.parse raises ValueError on all invalid ports.Robert Collins2015-08-091-19/+17
|/ | | | Patch by Martin Panter.
* Issue #23684: Clarify the return value of the scheme attribute of ↵Berker Peksag2015-06-251-0/+41
|\ | | | | | | | | | | ParseResult and SplitResult objects. Patch by Martin Panter.
| * Issue #23684: Clarify the return value of the scheme attribute of ↵Berker Peksag2015-06-251-0/+41
| | | | | | | | | | | | ParseResult and SplitResult objects. Patch by Martin Panter.
* | Issue #13866: add *quote_via* argument to urlencode.R David Murray2015-05-181-0/+10
| | | | | | | | | | Patch by samwyse, completed by Arnon Yaari, and reviewed by Martin Panter.
* | Issue #23703: Fix a regression in urljoin() introduced in 901e4e52b20a.Berker Peksag2015-04-151-0/+3
| | | | | | | | Patch by Demian Brecht.
* | Issue #23411: Added DefragResult, ParseResult, SplitResult, DefragResultBytes,Serhiy Storchaka2015-04-071-0/+16
| | | | | | | | | | ParseResultBytes, and SplitResultBytes to urllib.parse.__all__. Patch by Martin Panter.
* | Added more tests for urllib.parse utility functions.Serhiy Storchaka2015-03-021-54/+129
|\ \ | |/ | | | | These functions are not documented but used in third-party code.
| * Added more tests for urllib.parse utility functions.Serhiy Storchaka2015-03-021-54/+129
| | | | | | | | These functions are not documented but used in third-party code.
* | Issue #22278: Fix urljoin problem with relative urls, a regression observedSenthil Kumaran2014-09-221-0/+12
| | | | | | | | | | | | after changes to issue22118 were submitted. Patch contributed by Demian Brecht and reviewed by Antoine Pitrou.
* | Issue #22118: Switch urllib.parse to use RFC 3986 semantics for the ↵Antoine Pitrou2014-08-211-16/+24
|/ | | | | | resolution of relative URLs, rather than RFCs 1808 and 2396. Patch by Demian Brecht.
* Issue #20270: urllib.urlparse now supports empty ports.Serhiy Storchaka2014-01-181-10/+28
|\
| * Issue #20270: urllib.urlparse now supports empty ports.Serhiy Storchaka2014-01-181-10/+28
| |
* | Issue #19936: Added executable bits or shebang lines to Python scripts whichSerhiy Storchaka2014-01-161-2/+0
|\ \ | |/ | | | | | | | | | | requires them. Disable executable bits and shebang lines in test and benchmark files in order to prevent using a random system python, and in source files of modules which don't provide command line interface. Fixed shebang lines in the unittestgui and checkpip scripts.
| * Issue #19936: Added executable bits or shebang lines to Python scripts whichSerhiy Storchaka2014-01-161-2/+0
| | | | | | | | | | | | | | requires them. Disable executable bits and shebang lines in test and benchmark files in order to prevent using a random system python, and in source files of modules which don't provide command line interface. Fixed shebang line to use python3 executable in the unittestgui script.
* | #17472: add tests for a couple of untested methods in urllib.urlparse.R David Murray2013-03-221-0/+8
|/ | | | Original patch by Daniel Wozniak.
* Fix issue16713 - tel url parsing with paramsSenthil Kumaran2012-12-241-0/+29
|
* Issue #14036: return None when port in urlparse cross 65535Senthil Kumaran2012-05-241-0/+5
|
* #14072: Fix parsing of tel URIs in urlparse by making the check for ports ↵Ezio Melotti2012-05-191-0/+7
| | | | stricter.
* Issue9374 - Generic parsing of query and fragment portion of urls for any schemeSenthil Kumaran2012-05-191-0/+9
|
* Merge from 3.1: Issue #13703: add a way to randomize the hash values of ↵Georg Brandl2012-02-201-1/+2
|\ | | | | | | | | | | | | | | | | basic types (str, bytes, datetime) in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated. The environment variable PYTHONHASHSEED and the new command line flag -R control this behavior.
* | Remove duplication.Ezio Melotti2011-10-191-1/+1
| |
* | change the redundant svn scheme urljoin test case to svn+ssh scheme.Senthil Kumaran2011-08-031-1/+1
| |
* | Fix closes issue12683 - urljoin to work with relative join of svn scheme.Senthil Kumaran2011-08-031-0/+2
| |
* | Fix closes issue12581 - Increase the urllib.parse test coverage. Patch by ↵Senthil Kumaran2011-07-231-2/+76
| | | | | | | | Petter Haggholm.
* | merge from 3.1Senthil Kumaran2011-04-151-0/+5
|\ \ | |/
| * Issue #11467: Fix urlparse behavior when handling urls which contains scheme ↵Senthil Kumaran2011-04-151-0/+5
| | | | | | | | specific part only digits.
| * Merged revisions 87329 via svnmerge fromSenthil Kumaran2010-12-171-0/+3
| | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r87329 | senthil.kumaran | 2010-12-17 12:48:45 +0800 (Fri, 17 Dec 2010) | 3 lines Fix Issue9721 - urljoin behavior when the relative url starts with ';' ........
generated by cgit v0.12 at 2025-09-16 00:07:23 (GMT)