#2543: [patch] Django doesn't handle UTF-8 encoded URLs properly
-----------------------------------------------+----------------------------
Reporter: Victor Ng <[EMAIL PROTECTED]> | Owner: hugo
Type: defect | Status: new
Priority: normal | Milestone:
Component: Internationalization | Version:
Severity: normal | Resolution:
Keywords: |
-----------------------------------------------+----------------------------
Comment (by mtredinnick):
There's possibly no need to explicitly turn decoding errors into a new
type of exception (!SuspiciousOperation) -- I'm not sure about that yet --
but we do need to be able to handle them. What you've done is a reasonable
start, since now we know where to look for the error handling.
As far as why it's a security problem: any malformed input is potentially
a security problem, because it can cause unpredictable behaviour, whether
it just be a crash (denial of service) or something worse. So we should be
trying to handle all sorts of malformed input. You are correct that we
still need better "forwards" URL resolving testing. That needs to be
written and should probably be done as soon as we can. I'll look over the
rest of this when I get a chance (if nobody else gets to it first).
In future, please include patches as attachments to the ticket, it makes
downloading, applying and reading them easier.
--
Ticket URL: <http://code.djangoproject.com/ticket/2543>
Django <http://code.djangoproject.org/>
The web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates
-~----------~----~----~----~------~----~------~--~---
