mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-07-31 23:23:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

[3.13] gh-105704: Disallow square brackets ([ and ]) in domain names for parsed URLs (GH-129418) (GH-129526)

Browse source 
gh-105704: Disallow square brackets (`[` and `]`) in domain names for parsed URLs (GH-129418)

* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs

* Use Sphinx references



* Add mismatched bracket test cases, fix news format

* Add more test coverage for ports

---------

(cherry picked from commit d89a5f6a6e)

Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
This commit is contained in:
Miss Islington (bot) 2025-02-02 09:12:51 +01:00 committed by GitHub
parent 1459d08b56
commit 90e526ae67
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 58 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

20
Lib/urllib/parse.py
View file

@ -436,6 +436,23 @@ def _checknetloc(netloc):
raise ValueError("netloc '" + netloc + "' contains invalid " +
"characters under NFKC normalization")
def _check_bracketed_netloc(netloc):
# Note that this function must mirror the splitting
# done in NetlocResultMixins._hostinfo().
hostname_and_port = netloc.rpartition('@')[2]
before_bracket, have_open_br, bracketed = hostname_and_port.partition('[')
if have_open_br:
# No data is allowed before a bracket.
if before_bracket:
raise ValueError("Invalid IPv6 URL")
hostname, _, port = bracketed.partition(']')
# No data is allowed after the bracket but before the port delimiter.
if port and not port.startswith(":"):
raise ValueError("Invalid IPv6 URL")
else:
hostname, _, port = hostname_and_port.partition(':')
_check_bracketed_host(hostname)
# Valid bracketed hosts are defined in
# https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/
def _check_bracketed_host(hostname):
@ -496,8 +513,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
(']' in netloc and '[' not in netloc)):
raise ValueError("Invalid IPv6 URL")
if '[' in netloc and ']' in netloc:
bracketed_host = netloc.partition('[')[2].partition(']')[0]
_check_bracketed_host(bracketed_host)
_check_bracketed_netloc(netloc)
if allow_fragments and '#' in url:
url, fragment = url.split('#', 1)
if '?' in url: