Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/url: pathologically silly URL parsing fails #54920

Closed
cwedgwood opened this issue Sep 7, 2022 · 1 comment
Closed

net/url: pathologically silly URL parsing fails #54920

cwedgwood opened this issue Sep 7, 2022 · 1 comment
Labels
FrozenDueToAge

Comments

@cwedgwood
Copy link
Contributor

cwedgwood commented Sep 7, 2022
edited

What version of Go are you using (go version)?

1.18 though tip

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

n/a

What did you do?

https://go.dev/play/p/63z_YnaE4vw?v=gotip

package main

import (
	"fmt"
	"net/url"
)

func main() {
	// https://twitter.com/bagder/status/1567162794092404742
	ickyUrl := `http://http://http://@http://http://?http://#http://`
	u, _ := url.Parse(ickyUrl)
	fmt.Printf("User: %v\n", u.User)
	fmt.Printf("Path: %v\n", u.Path)
}

What did you expect to see?

(this should be sanity checked, i might be reading things wrong)

User: http://http:// 
Path: http://http://

What did you see instead?

User: 
Path: //http://@http://http://

I noticed some more talk about what is correct later on: https://twitter.com/mtrantalainen/status/1567187061202878465

This is quirky enough it's not clear what the safe (not necessarily correct) thing should be. Perhaps nothing.
@cwedgwood cwedgwood changed the title net/url: pathologically silly url Parsing fails net/url: pathologically silly URL parsing fails Sep 7, 2022
@seankhliao
Copy link
Member

From RFC 3986 Section 3.2

The authority component is preceded by a double slash ("//") and is
terminated by the next slash ("/"), question mark ("?"), or number
sign ("#") character, or by the end of the URI.

The WHATWG parser also doesn't think / is valid there: https://url.spec.whatwg.org/#authority-state

Closing as this appears to be working as intended.

@seankhliao seankhliao closed this as not planned Won't fix, can't repro, duplicate, stale Sep 7, 2022
@golang golang locked and limited conversation to collaborators Sep 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cwedgwood @gopherbot @seankhliao