|
 |
925e6b |
diff --git a/Doc/library/urlparse.rst b/Doc/library/urlparse.rst
|
|
|
925e6b |
index efd112d..61022f7 100644
|
|
|
925e6b |
--- a/Doc/library/urlparse.rst
|
|
|
925e6b |
+++ b/Doc/library/urlparse.rst
|
|
|
925e6b |
@@ -118,6 +118,12 @@ The :mod:`urlparse` module defines the following functions:
|
|
|
925e6b |
See section :ref:`urlparse-result-object` for more information on the result
|
|
|
925e6b |
object.
|
|
|
925e6b |
|
|
|
925e6b |
+ Characters in the :attr:`netloc` attribute that decompose under NFKC
|
|
|
925e6b |
+ normalization (as used by the IDNA encoding) into any of ``/``, ``?``,
|
|
|
925e6b |
+ ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is
|
|
|
925e6b |
+ decomposed before parsing, or is not a Unicode string, no error will be
|
|
|
925e6b |
+ raised.
|
|
|
925e6b |
+
|
|
|
925e6b |
.. versionchanged:: 2.5
|
|
|
925e6b |
Added attributes to return value.
|
|
|
925e6b |
|
|
|
925e6b |
@@ -125,6 +131,11 @@ The :mod:`urlparse` module defines the following functions:
|
|
|
925e6b |
Added IPv6 URL parsing capabilities.
|
|
|
925e6b |
|
|
|
925e6b |
|
|
|
925e6b |
+ .. versionchanged:: 2.7.17
|
|
|
925e6b |
+ Characters that affect netloc parsing under NFKC normalization will
|
|
|
925e6b |
+ now raise :exc:`ValueError`.
|
|
|
925e6b |
+
|
|
|
925e6b |
+
|
|
|
925e6b |
.. function:: parse_qs(qs[, keep_blank_values[, strict_parsing]])
|
|
|
925e6b |
|
|
|
925e6b |
Parse a query string given as a string argument (data of type
|
|
|
925e6b |
@@ -219,11 +230,21 @@ The :mod:`urlparse` module defines the following functions:
|
|
|
925e6b |
See section :ref:`urlparse-result-object` for more information on the result
|
|
|
925e6b |
object.
|
|
|
925e6b |
|
|
|
925e6b |
+ Characters in the :attr:`netloc` attribute that decompose under NFKC
|
|
|
925e6b |
+ normalization (as used by the IDNA encoding) into any of ``/``, ``?``,
|
|
|
925e6b |
+ ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is
|
|
|
925e6b |
+ decomposed before parsing, or is not a Unicode string, no error will be
|
|
|
925e6b |
+ raised.
|
|
|
925e6b |
+
|
|
|
925e6b |
.. versionadded:: 2.2
|
|
|
925e6b |
|
|
|
925e6b |
.. versionchanged:: 2.5
|
|
|
925e6b |
Added attributes to return value.
|
|
|
925e6b |
|
|
|
925e6b |
+ .. versionchanged:: 2.7.17
|
|
|
925e6b |
+ Characters that affect netloc parsing under NFKC normalization will
|
|
|
925e6b |
+ now raise :exc:`ValueError`.
|
|
|
925e6b |
+
|
|
|
925e6b |
|
|
|
925e6b |
.. function:: urlunsplit(parts)
|
|
|
925e6b |
|
|
|
925e6b |
diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
|
|
|
925e6b |
index 72ebfaa..2717163 100644
|
|
|
925e6b |
--- a/Lib/test/test_urlparse.py
|
|
|
925e6b |
+++ b/Lib/test/test_urlparse.py
|
|
|
925e6b |
@@ -1,6 +1,8 @@
|
|
|
925e6b |
#! /usr/bin/env python
|
|
|
925e6b |
|
|
|
925e6b |
from test import test_support
|
|
|
925e6b |
+import sys
|
|
|
925e6b |
+import unicodedata
|
|
|
925e6b |
import unittest
|
|
|
925e6b |
import urlparse
|
|
|
925e6b |
|
|
|
925e6b |
@@ -564,6 +566,45 @@ class UrlParseTestCase(unittest.TestCase):
|
|
|
925e6b |
self.assertEqual(urlparse.urlparse("http://www.python.org:80"),
|
|
|
925e6b |
('http','www.python.org:80','','','',''))
|
|
|
925e6b |
|
|
|
925e6b |
+ def test_urlsplit_normalization(self):
|
|
|
925e6b |
+ # Certain characters should never occur in the netloc,
|
|
|
925e6b |
+ # including under normalization.
|
|
|
925e6b |
+ # Ensure that ALL of them are detected and cause an error
|
|
|
925e6b |
+ illegal_chars = u'/:#?@'
|
|
|
925e6b |
+ hex_chars = {'{:04X}'.format(ord(c)) for c in illegal_chars}
|
|
|
925e6b |
+ denorm_chars = [
|
|
|
925e6b |
+ c for c in map(unichr, range(128, sys.maxunicode))
|
|
|
925e6b |
+ if (hex_chars & set(unicodedata.decomposition(c).split()))
|
|
|
925e6b |
+ and c not in illegal_chars
|
|
|
925e6b |
+ ]
|
|
|
925e6b |
+ # Sanity check that we found at least one such character
|
|
|
925e6b |
+ self.assertIn(u'\u2100', denorm_chars)
|
|
|
925e6b |
+ self.assertIn(u'\uFF03', denorm_chars)
|
|
|
925e6b |
+
|
|
|
925e6b |
+ # bpo-36742: Verify port separators are ignored when they
|
|
|
925e6b |
+ # existed prior to decomposition
|
|
|
925e6b |
+ urlparse.urlsplit(u'http://\u30d5\u309a:80')
|
|
|
925e6b |
+ with self.assertRaises(ValueError):
|
|
|
925e6b |
+ urlparse.urlsplit(u'http://\u30d5\u309a\ufe1380')
|
|
|
925e6b |
+
|
|
|
925e6b |
+ for scheme in [u"http", u"https", u"ftp"]:
|
|
|
925e6b |
+ for netloc in [u"netloc{}false.netloc", u"n{}user@netloc"]:
|
|
|
925e6b |
+ for c in denorm_chars:
|
|
|
925e6b |
+ url = u"{}://{}/path".format(scheme, netloc.format(c))
|
|
|
925e6b |
+ if test_support.verbose:
|
|
|
925e6b |
+ print "Checking %r" % url
|
|
|
925e6b |
+ with self.assertRaises(ValueError):
|
|
|
925e6b |
+ urlparse.urlsplit(url)
|
|
|
925e6b |
+
|
|
|
925e6b |
+ # check error message: invalid netloc must be formated with repr()
|
|
|
925e6b |
+ # to get an ASCII error message
|
|
|
925e6b |
+ with self.assertRaises(ValueError) as cm:
|
|
|
925e6b |
+ urlparse.urlsplit(u'http://example.com\uFF03@bing.com')
|
|
|
925e6b |
+ self.assertEqual(str(cm.exception),
|
|
|
925e6b |
+ "netloc u'example.com\\uff03@bing.com' contains invalid characters "
|
|
|
925e6b |
+ "under NFKC normalization")
|
|
|
925e6b |
+ self.assertIsInstance(cm.exception.args[0], str)
|
|
|
925e6b |
+
|
|
|
925e6b |
def test_main():
|
|
|
925e6b |
test_support.run_unittest(UrlParseTestCase)
|
|
|
925e6b |
|
|
|
925e6b |
diff --git a/Lib/urlparse.py b/Lib/urlparse.py
|
|
|
925e6b |
index 4ce982e..9a1df74 100644
|
|
|
925e6b |
--- a/Lib/urlparse.py
|
|
|
925e6b |
+++ b/Lib/urlparse.py
|
|
|
925e6b |
@@ -164,6 +164,25 @@ def _splitnetloc(url, start=0):
|
|
|
925e6b |
delim = min(delim, wdelim) # use earliest delim position
|
|
|
925e6b |
return url[start:delim], url[delim:] # return (domain, rest)
|
|
|
925e6b |
|
|
|
925e6b |
+def _checknetloc(netloc):
|
|
|
925e6b |
+ if not netloc or not isinstance(netloc, unicode):
|
|
|
925e6b |
+ return
|
|
|
925e6b |
+ # looking for characters like \u2100 that expand to 'a/c'
|
|
|
925e6b |
+ # IDNA uses NFKC equivalence, so normalize for this check
|
|
|
925e6b |
+ import unicodedata
|
|
|
925e6b |
+ n = netloc.replace(u'@', u'') # ignore characters already included
|
|
|
925e6b |
+ n = n.replace(u':', u'') # but not the surrounding text
|
|
|
925e6b |
+ n = n.replace(u'#', u'')
|
|
|
925e6b |
+ n = n.replace(u'?', u'')
|
|
|
925e6b |
+ netloc2 = unicodedata.normalize('NFKC', n)
|
|
|
925e6b |
+ if n == netloc2:
|
|
|
925e6b |
+ return
|
|
|
925e6b |
+ for c in '/?#@:':
|
|
|
925e6b |
+ if c in netloc2:
|
|
|
925e6b |
+ raise ValueError("netloc %r contains invalid characters "
|
|
|
925e6b |
+ "under NFKC normalization"
|
|
|
925e6b |
+ % netloc)
|
|
|
925e6b |
+
|
|
|
925e6b |
def urlsplit(url, scheme='', allow_fragments=True):
|
|
|
925e6b |
"""Parse a URL into 5 components:
|
|
|
925e6b |
<scheme>://<netloc>/<path>?<query>#<fragment>
|
|
|
925e6b |
@@ -192,6 +211,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
|
|
|
925e6b |
url, fragment = url.split('#', 1)
|
|
|
925e6b |
if '?' in url:
|
|
|
925e6b |
url, query = url.split('?', 1)
|
|
|
925e6b |
+ _checknetloc(netloc)
|
|
|
925e6b |
v = SplitResult(scheme, netloc, url, query, fragment)
|
|
|
925e6b |
_parse_cache[key] = v
|
|
|
925e6b |
return v
|
|
|
925e6b |
@@ -215,6 +235,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
|
|
|
925e6b |
url, fragment = url.split('#', 1)
|
|
|
925e6b |
if '?' in url:
|
|
|
925e6b |
url, query = url.split('?', 1)
|
|
|
925e6b |
+ _checknetloc(netloc)
|
|
|
925e6b |
v = SplitResult(scheme, netloc, url, query, fragment)
|
|
|
925e6b |
_parse_cache[key] = v
|
|
|
925e6b |
return v
|