summaryrefslogtreecommitdiffstats
path: root/Misc/NEWS.d/next/Security/2021-04-25-07-46-37.bpo-43882.Jpwx85.rst
blob: a326d079dff4a4567346689c5b3c28e40bface87 (plain)
1
2
3
4
5
6
The presence of newline or tab characters in parts of a URL could allow
some forms of attacks.

Following the controlling specification for URLs defined by WHATWG
:func:`urllib.parse` now removes ASCII newlines and tabs from URLs,
preventing such attacks.