[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 69/150: libcurl-security.3: mention the URL standar
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 69/150: libcurl-security.3: mention the URL standards problems too |
Date: |
Fri, 30 Mar 2018 16:48:43 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit 03b7b2e8fc786f090599b6b4d32bb0c9cc03165a
Author: Daniel Stenberg <address@hidden>
AuthorDate: Tue Feb 13 12:05:43 2018 +0100
libcurl-security.3: mention the URL standards problems too
---
docs/libcurl/libcurl-security.3 | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/docs/libcurl/libcurl-security.3 b/docs/libcurl/libcurl-security.3
index 63dad5de0..3334d581c 100644
--- a/docs/libcurl/libcurl-security.3
+++ b/docs/libcurl/libcurl-security.3
@@ -226,6 +226,16 @@ Remedies:
- libcurl programs can use \fICURLOPT_PROTOCOLS(3)\fP
- consider not allowing the user to set the full URL
- consider strictly filtering input to only allow specific choices
+.SH "RFC 3986 vs WHATWG URL"
+curl supports URLs mostly according to how they are defined in RFC 3986, and
+has done so since the beginning.
+
+Web browsers mostly adhere to the WHATWG URL Specification.
+
+This deviance makes some URLs copied between browsers (or returned over HTTP
+for redirection) and curl not work the same way. This can mislead users into
+getting the wrong thing, connecting to the wrong host or otherwise not work
+identically.
.SH "FTP uses two connections"
When performing an FTP transfer, two TCP connections are used: one for setting
up the transfer and one for the actual data.
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 65/150: tlsauthtype.d: works only if libcurl is built with TLS-SRP support, (continued)
- [GNUnet-SVN] [gnurl] 65/150: tlsauthtype.d: works only if libcurl is built with TLS-SRP support, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 76/150: KNOWN_BUGS: 2.5 curl should not offer "ALPN: h2" when using https-proxy, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 96/150: hostip: fix 'potentially uninitialized variable' warning, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 115/150: unit1307: proper cleanup on OOM to fix torture tests, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 39/150: fnmatch: accept an alphanum to be followed by a non-alphanum in char set, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 54/150: schannel: fix compiler warnings, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 103/150: os400: add curl_resolver_start_callback type to ILE/RPG binding, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 81/150: ssh: add two missing state names, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 86/150: http: fix the max header length detection logic, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 128/150: http2: verbose output new MAX_CONCURRENT_STREAMS values, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 69/150: libcurl-security.3: mention the URL standards problems too,
gnunet <=
- [GNUnet-SVN] [gnurl] 77/150: TODO: 18.18 retry on network is unreachable, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 124/150: WolfSSL: adding TLSv1.3, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 137/150: FTP: reject path components with control codes, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 101/150: url: Add option CURLOPT_RESOLVER_START_FUNCTION, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 131/150: Curl_range: fix FTP-only and FILE-only builds, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 125/150: THANKS + mailmap: remove duplicates, fixup full names, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 34/150: file: Check the return code from Curl_range and bail out on error, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 48/150: build-openssl.bat: Extend VC15 support to include Enterprise and Professional, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 63/150: sha256: avoid redefine, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 79/150: non-ascii: fix implicit declaration warning, gnunet, 2018/03/30