ok2c commented on code in PR #571:
URL:
https://github.com/apache/httpcomponents-core/pull/571#discussion_r2422748235
##########
httpcore5/src/main/java/org/apache/hc/core5/net/URIAuthority.java:
##########
@@ -62,26 +72,109 @@ static URIAuthority parse(final CharSequence s, final
Tokenizer.Cursor cursor) t
userInfo = token;
}
} else {
- //Rewind
cursor.updatePos(initPos);
}
+
+ if (!cursor.atEnd() && s.charAt(cursor.getPos()) == '[') {
Review Comment:
@arturobernalg God Merciful. Do we _really_ need to do all this? I have been
trying to reduce our security footprint outside of our direct area of
responsibility. This is just a matter of time some "security professionals" or
"security researchers" will start crawling up your rectum claiming this code is
potentially vulnerable to exploits by green men from Mars and demand an CVE
with their name on it. I understand, we all have to make a living, so do
security researches, but do we really need all that?
Again, why are we doing this? Do we really need to parse IPv6 addresses?
Really.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
