summaryrefslogtreecommitdiffstats
path: root/Lib/test/test_urlparse.py
Commit message (Collapse)AuthorAgeFilesLines
* gh-102153: Start stripping C0 control and space chars in `urlsplit` (#102508)Illia Volochii2023-05-171-1/+60
| | | | | | | | | `urllib.parse.urlsplit` has already been respecting the WHATWG spec a bit #25595. This adds more sanitizing to respect the "Remove any leading C0 control or space from input" [rule](https://url.spec.whatwg.org/#url-parsing:~:text=Remove%20any%20leading%20and%20trailing%20C0%20control%20or%20space%20from%20input.) in response to [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329). --------- Co-authored-by: Gregory P. Smith [Google] <greg@krypto.org>
* gh-103848: Adds checks to ensure that bracketed hosts found by urlsplit are ↵JohnJamesUtley2023-05-101-0/+26
| | | | | | | | | of IPv6 or IPvFuture format (#103849) * Adds checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format --------- Co-authored-by: Gregory P. Smith <greg@krypto.org>
* gh-104139: Add itms-services to uses_netloc urllib.parse. (#104312)Gregory P. Smith2023-05-091-14/+19
| | | | Teach unsplit to retain the `"//"` when assembling `itms-services://?action=generate-bugs` style [Apple Platform Deployment](https://support.apple.com/en-gb/guide/deployment/depce7cefc4d/web) URLs.
* gh-99418: Make urllib.parse.urlparse enforce that a scheme must begin with ↵Ben Kallus2022-11-131-0/+18
| | | | | | | | | | | an alphabetical ASCII character. (#99421) Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character. RFC 3986 defines a scheme like this: `scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )` RFC 2234 defines an ALPHA like this: `ALPHA = %x41-5A / %x61-7A` The WHATWG URL spec defines a scheme like this: `"A URL-scheme string must be one ASCII alpha, followed by zero or more of ASCII alphanumeric, U+002B (+), U+002D (-), and U+002E (.)."`
* gh-96035: Make urllib.parse.urlparse reject non-numeric ports (#98273)Ben Kallus2022-10-201-3/+7
| | | Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
* gh-95865: Further reduce quote_from_bytes memory consumption (#96860)Gregory P. Smith2022-09-191-0/+4
| | | on large input values. Based on Dennis Sweeney's chunking idea.
* Speed up test_urlsplit_normalization (GH-26688)Jacob Walls2021-07-221-1/+2
|
* bpo-44002: Switch to lru_cache in urllib.parse. (GH-25798)Gregory P. Smith2021-05-121-2/+16
| | | | | | | | | | | | Switch to lru_cache in urllib.parse. urllib.parse now uses functool.lru_cache for its internal URL splitting and quoting caches instead of rolling its own like its the 90s. The undocumented internal Quoted class API is now deprecated as it had no reason to be public and no existing OSS users were found. The clear_cache() API remains undocumented but gets an explicit test as it is used in a few projects' (twisted, gevent) tests as well as our own regrtest.
* bpo-43882 Remove the newline, and tab early. From query and fragments. ↵Senthil Kumaran2021-05-051-8/+16
| | | | (GH-25921)
* bpo-43882 - urllib.parse should sanitize urls containing ASCII newline and ↵Senthil Kumaran2021-04-291-0/+29
| | | | | | | | tabs. (GH-25595) * issue43882 - urllib.parse should sanitize urls containing ASCII newline and tabs. Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* bpo-42967: coerce bytes separator to string in urllib.parse_qs(l) (#24818)Ken Jin2021-04-111-0/+4
| | | | | | | * coerce bytes separator to string * Add news * Update Misc/NEWS.d/next/Library/2021-03-11-00-31-41.bpo-42967.2PeQRw.rst
* bpo-42967: only use '&' as a query string separator (#24297)Adam Goldschmidt2021-02-141-22/+46
| | | | | | | | | | | bpo-42967: [security] Address a web cache-poisoning issue reported in urllib.parse.parse_qsl(). urllib.parse will only us "&" as query string separator by default instead of both ";" and "&" as allowed in earlier versions. An optional argument seperator with default value "&" is added to specify the separator. Co-authored-by: Éric Araujo <merwok@netwok.org> Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com> Co-authored-by: Éric Araujo <merwok@netwok.org>
* bpo-27657: Fix urlparse() with numeric paths (#661)Tim Graham2019-10-181-4/+6
| | | | | | | | | | * bpo-27657: Fix urlparse() with numeric paths Revert parsing decision from bpo-754016 in favor of the documented consensus in bpo-16932 of how to treat strings without a // to designate the netloc. * bpo-22891: Remove urlsplit() optimization for 'http' prefixed inputs.
* bpo-36742: Corrects fix to handle decomposition in usernames (#13812)Steve Dower2019-06-041-5/+6
|
* bpo-35397: Remove deprecation and document urllib.parse.unwrap (GH-11481)Rémi Lapeyre2019-05-271-8/+4
|
* bpo-36742: Fixes handling of pre-normalization characters in urlsplit() ↵Steve Dower2019-04-301-0/+6
| | | | (GH-13017)
* bpo-36216: Add check for characters in netloc that normalize to separators ↵Steve Dower2019-03-071-0/+23
| | | | (GH-12201)
* bpo-35202: Remove unused imports in tests. (GH-10561)Srinivas Thatiparthy (శ్రీనివాస్ తాటిపర్తి)2018-11-161-1/+0
|
* bpo-34866: Adding max_num_fields to cgi.FieldStorage (GH-9660)matthewbelisle-wf2018-10-191-0/+7
| | | | Adding `max_num_fields` to `cgi.FieldStorage` to make DOS attacks harder by limiting the number of `MiniFieldStorage` objects created by `FieldStorage`.
* bpo-27485: Change urlparse tests to use private methods. (GH-7070)Cheryl Sabella2018-06-031-12/+12
|
* bpo-27485: Rename and deprecate undocumented functions in urllib.parse (GH-2205)Cheryl Sabella2018-04-251-1/+87
|
* bpo-33034: Improve exception message when cast fails for ↵Matt Eaton2018-03-201-0/+10
| | | | {Parse,Split}Result.port (GH-6078)
* bpo-32323: urllib.parse.urlsplit() must not lowercase() IPv6 scope value (#4867)Коренберг Марк2017-12-211-0/+9
|
* urllib: Simplify splithost by calling into urlparse. (#1849)postmasters2017-06-201-12/+39
| | | | | | | | The current regex based splitting produces a wrong result. For example:: http://abc#@def Web browsers parse that URL as ``http://abc/#@def``, that is, the host is ``abc``, the path is ``/``, and the fragment is ``#@def``.
* correct parse_qs and parse_qsl test case descriptions. (#968)Senthil Kumaran2017-04-051-6/+6
| | | * correct parse_qs and parse_qsl test case descriptions.
* Issue #25895: Merge from 3.5Berker Peksag2016-09-161-0/+2
|\
| * Issue #25895: Enable WebSocket URL schemes in urllib.parse.urljoinBerker Peksag2016-09-161-0/+2
| | | | | | | | Patch by Gergely Imreh and Markus Holtermann.
* | merge 3.5Senthil Kumaran2016-04-161-2/+53
|\ \ | |/ | | | | | | issue26775 - Improve test coverage for urllib.parse Patch contributed by Luiz Poleto.
| * issue26775 - Improve test coverage for urllib.parseSenthil Kumaran2016-04-161-2/+53
| | | | | | | | Patch contributed by Luiz Poleto.
* | Issue #20059: urllib.parse raises ValueError on all invalid ports.Robert Collins2015-08-091-19/+17
|/ | | | Patch by Martin Panter.
* Issue #23684: Clarify the return value of the scheme attribute of ↵Berker Peksag2015-06-251-0/+41
|\ | | | | | | | | | | ParseResult and SplitResult objects. Patch by Martin Panter.
| * Issue #23684: Clarify the return value of the scheme attribute of ↵Berker Peksag2015-06-251-0/+41
| | | | | | | | | | | | ParseResult and SplitResult objects. Patch by Martin Panter.
* | Issue #13866: add *quote_via* argument to urlencode.R David Murray2015-05-181-0/+10
| | | | | | | | | | Patch by samwyse, completed by Arnon Yaari, and reviewed by Martin Panter.
* | Issue #23703: Fix a regression in urljoin() introduced in 901e4e52b20a.Berker Peksag2015-04-151-0/+3
| | | | | | | | Patch by Demian Brecht.
* | Issue #23411: Added DefragResult, ParseResult, SplitResult, DefragResultBytes,Serhiy Storchaka2015-04-071-0/+16
| | | | | | | | | | ParseResultBytes, and SplitResultBytes to urllib.parse.__all__. Patch by Martin Panter.
* | Added more tests for urllib.parse utility functions.Serhiy Storchaka2015-03-021-54/+129
|\ \ | |/ | | | | These functions are not documented but used in third-party code.
| * Added more tests for urllib.parse utility functions.Serhiy Storchaka2015-03-021-54/+129
| | | | | | | | These functions are not documented but used in third-party code.
* | Issue #22278: Fix urljoin problem with relative urls, a regression observedSenthil Kumaran2014-09-221-0/+12
| | | | | | | | | | | | after changes to issue22118 were submitted. Patch contributed by Demian Brecht and reviewed by Antoine Pitrou.
* | Issue #22118: Switch urllib.parse to use RFC 3986 semantics for the ↵Antoine Pitrou2014-08-211-16/+24
|/ | | | | | resolution of relative URLs, rather than RFCs 1808 and 2396. Patch by Demian Brecht.
* Issue #20270: urllib.urlparse now supports empty ports.Serhiy Storchaka2014-01-181-10/+28
|\
| * Issue #20270: urllib.urlparse now supports empty ports.Serhiy Storchaka2014-01-181-10/+28
| |
* | Issue #19936: Added executable bits or shebang lines to Python scripts whichSerhiy Storchaka2014-01-161-2/+0
|\ \ | |/ | | | | | | | | | | requires them. Disable executable bits and shebang lines in test and benchmark files in order to prevent using a random system python, and in source files of modules which don't provide command line interface. Fixed shebang lines in the unittestgui and checkpip scripts.
| * Issue #19936: Added executable bits or shebang lines to Python scripts whichSerhiy Storchaka2014-01-161-2/+0
| | | | | | | | | | | | | | requires them. Disable executable bits and shebang lines in test and benchmark files in order to prevent using a random system python, and in source files of modules which don't provide command line interface. Fixed shebang line to use python3 executable in the unittestgui script.
* | #17472: add tests for a couple of untested methods in urllib.urlparse.R David Murray2013-03-221-0/+8
|/ | | | Original patch by Daniel Wozniak.
* Fix issue16713 - tel url parsing with paramsSenthil Kumaran2012-12-241-0/+29
|
* Issue #14036: return None when port in urlparse cross 65535Senthil Kumaran2012-05-241-0/+5
|
* #14072: Fix parsing of tel URIs in urlparse by making the check for ports ↵Ezio Melotti2012-05-191-0/+7
| | | | stricter.
* Issue9374 - Generic parsing of query and fragment portion of urls for any schemeSenthil Kumaran2012-05-191-0/+9
|
* Merge from 3.1: Issue #13703: add a way to randomize the hash values of ↵Georg Brandl2012-02-201-1/+2
|\ | | | | | | | | | | | | | | | | basic types (str, bytes, datetime) in order to make algorithmic complexity attacks on (e.g.) web apps much more complicated. The environment variable PYTHONHASHSEED and the new command line flag -R control this behavior.
* | Remove duplication.Ezio Melotti2011-10-191-1/+1
| |