--- Lib/test/test_urlparse.py | 20 ++++++++++ Lib/urlparse.py | 2 - Misc/NEWS.d/next/Library/2022-11-12-15-45-51.gh-issue-99418.FxfAXS.rs | 2 + 3 files changed, 23 insertions(+), 1 deletion(-) --- a/Lib/test/test_urlparse.py +++ b/Lib/test/test_urlparse.py @@ -592,6 +592,26 @@ class UrlParseTestCase(unittest.TestCase self.assertEqual(p.netloc, "www.example.net:foo") self.assertRaises(ValueError, lambda: p.port) + def do_attributes_bad_scheme(self, bytes, parse, scheme): + url = scheme + "://www.example.net" + if bytes: + if url.isascii(): + url = url.encode("ascii") + else: + continue + p = parse(url) + if bytes: + self.assertEqual(p.scheme, b"") + else: + self.assertEqual(p.scheme, "") + + def test_attributes_bad_scheme(self): + """Check handling of invalid schemes.""" + for bytes in (False, True): + for parse in (urlparse.urlsplit, urlparse.urlparse): + for scheme in (".", "+", "-", "0", "http&", "६http"): + self.do_attributes_bad_scheme(bytes, parse, scheme) + def test_attributes_without_netloc(self): # This example is straight from RFC 3261. It looks like it # should allow the username, hostname, and port to be filled --- a/Lib/urlparse.py +++ b/Lib/urlparse.py @@ -211,7 +211,7 @@ def urlsplit(url, scheme='', allow_fragm clear_cache() netloc = query = fragment = '' i = url.find(':') - if i > 0: + if i > 0 and url[0].isascii() and url[0].isalpha(): if url[:i] == 'http': # optimize the common case scheme = url[:i].lower() url = url[i+1:] --- /dev/null +++ b/Misc/NEWS.d/next/Library/2022-11-12-15-45-51.gh-issue-99418.FxfAXS.rs @@ -0,0 +1,2 @@ +Fix bug in :func:`urllib.parse.urlparse` that causes URL schemes that begin +with a digit, a plus sign, or a minus sign to be parsed incorrectly.