- From: TechnicallyWeb3 <notifications@github.com>
- Date: Sun, 05 Oct 2025 08:45:00 -0700
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Sunday, 5 October 2025 15:45:04 UTC
TechnicallyWeb3 left a comment (whatwg/url#883) > And under no circumstances (I mean it, it's a big security issue most-likely) write a custom parser for user-inputted URLs that first is not going through a WHATWG-compliant URL parser first. > > Meaning, don't do raw split's and what not on raw strings. Remember, `https://123/`'s hostname is not `123`, it's `0.0.0.123`. > > Make sure your URL has gone through a URL parser at least once during its lifetime, or you completely trust the place where the URL is being generated. Can't do this with port number 11155111... Text parsing is incredibly easy if you know where the delimiters are. This issue isn't about parsing but bit spaces. We seen more bit depth in port numbers because different (non-TCPIP) protocols can use the port of the url as needed. -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/issues/883#issuecomment-3369141471 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/url/issues/883/3369141471@github.com>
Received on Sunday, 5 October 2025 15:45:04 UTC