Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ensure NeoPG::URI and NeoPG::Http agree on URL parsing. #61

Closed
lambdafu opened this issue Mar 20, 2018 · 2 comments
Closed

ensure NeoPG::URI and NeoPG::Http agree on URL parsing. #61

lambdafu opened this issue Mar 20, 2018 · 2 comments

Comments

@lambdafu
Copy link
Collaborator

Mismatching URL parser can lead to security problems (for example whitelisting domain names such as "brave.com%60x.code-fu.org"). Currently, NeoPG does only check the protocol, but in case we want to do more, this issue shall remind us to be careful.

Unfortunately, libcurl doesn't expose the URL parser yet: curl/curl#2412
lambdafu added a commit that referenced this issue Mar 20, 2018
@lambdafu
Add test case for URI parser for WHATWG compliance (issue #61).
2e46380
@lambdafu
Copy link
Collaborator Author

Original report here: nodejs/node#19468

lambdafu added a commit that referenced this issue Mar 21, 2018
@lambdafu
Add test case for URI parser for WHATWG compliance (issue #61).
cfca3c0
@lambdafu
Copy link
Collaborator Author

Fixed by #62.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lambdafu