💾 Archived View for gemini.bunburya.eu › newsgroups › gemini › messages › srmreb$f6r$1@gioia.aioe.or… captured on 2023-04-26 at 14:04:08. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2022-03-01)
-=-=-=-=-=-=-
From: James Tomasino <james@tomasino.org>
Subject: URL Parsers
Date: Wed, 12 Jan 2022 15:17:30 +0000
Message-ID: <srmreb$f6r$1@gioia.aioe.org>
We've had some (*cough*) discussion on the complexities
of URLs in the past on the mailing list. Daniel of curl
fame just wrote an excellent post about the topic and
the dangers of using different parsers or parsing
algorithms.
https://daniel.haxx.se/blog/2022/01/10/dont-mix-url-parsers/
Note: the link to the report is currently a broken URL.
the correct link seems to be:
https://mysecuritymarketplace.com/mp-files/exploiting-url-parsers-the-good-bad-and-inconsistent.pdf/
It's easy to include URLs in Gemini (or URIs or IRIs or
whatever variant we want to rant about) without careful
consideration to what they really represent. Beyond a
simple content address, they offer all sorts of crazy
behaviors on the fringes.
It's worth a read, if only for the library
vulnerabilities. Maybe it can help mitigate some issues
for server authors.
- tomasino
No related messages found.