Chris Angelico <ros...@gmail.com>: > On Thu, Jun 7, 2018 at 7:29 PM, Marko Rauhamaa <ma...@pacujo.net> wrote: >> 3. http://localhost:8000/te%00st.html >> >> => The server crashes with a ValueError and the TCP connection is >> reset >> > > Actually, I couldn't even get Chrome to make that request, so it > obviously was considered by the browser to be invalid.
Wow! Why on earth? > it's somewhat unideal behaviour - I would prefer to see an HTTP 500 > come back if the server crashes - but I can't see that that's a > security problem. Just a QOS issue, wherein you might get a 500 rather > than a 404 for certain requests. It's a demonstration of how this innocent-looking problem can lead to surprising and even serious consequences. The given URI is well-formed and should not give any particular trouble to any HTTP server. Marko -- https://mail.python.org/mailman/listinfo/python-list