Thanks for the replies everybody. A few thoughts
>From Adrián:
> You should probably be addressing urllib devs with this inquiry (e.g.
such vuln is then probably in many other web frameworks)
I did that in 2021 when I found the issue with newlines in URLs. Python
devs had the resources to
I agree with Jörg. We need evidence of problems before we decide to act, and
that those problems aren’t being addressed in Python. Forcing a new dependency
on all users is not something we’d do lightly.
On the contradictory standards, see the cURL maintainer’s post:
You should probably be addressing urllib devs with this inquiry (e.g. such
vuln is then probably in many other web frameworks). Anyhow, just out of
curiosity, wouldn't it be possible to use functools.partial function to
replace urllib.parse.urlparse with ada-python in settings.py? Or make some