mirrors
/
cpython
mirror of https://github.com/python/cpython.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[3.10] bpo-43882 - Mention urllib.parse changes in Whats new section. (GH-26275) 

* [3.10] bpo-43882 - Mention urllib.parse changes in Whats new section.

* escape the \n chars, ReSTify :rfc:, urllib.parse is a :mod:

* minor formatting.

Co-authored-by: Gregory P. Smith <greg@krypto.org>
This commit is contained in:
Senthil Kumaran 2021-05-21 05:29:24 -07:00 committed by GitHub
parent ee51c56c02
commit f14015adf5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Doc/whatsnew/3.10.rst
View File

@ -1337,6 +1337,13 @@ functions internally. For more details, please see their respective
documentation.
(Contributed by Adam Goldschmidt, Senthil Kumaran and Ken Jin in :issue:`42967`.)
The presence of newline or tab characters in parts of a URL allows for some
forms of attacks. Following the WHATWG specification that updates :rfc:`3986`,
ASCII newline ``\n``, ``\r`` and tab ``\t`` characters are stripped from the
URL by the parser in :mod:`urllib.parse` preventing such attacks. The removal
characters are controlled by a new module level variable
``urllib.parse._UNSAFE_URL_BYTES_TO_REMOVE``. (See :issue:`43882`)
xml
---