id,summary,reporter,owner,description,type,status,priority,milestone,component,resolution,keywords,cc,branch,branch_author,launchpad_bug
2628,twisted.web.client._parse (and any other urlparse-using code) is succeptible to cache poisoning,exarkun,,"Consider:

{{{
exarkun@charm:~$ python
Python 2.4.3 (#2, Oct  6 2006, 07:52:30)
[GCC 4.0.3 (Ubuntu 4.0.3-1ubuntu5)] on linux2
Type ""help"", ""copyright"", ""credits"" or ""license"" for more information.
>>> import urlparse
>>> urlparse.urlparse('http://hello/world')
('http', 'hello', '/world', '', '', '')
>>> urlparse.urlparse(u'http://hello/world')
('http', 'hello', '/world', '', '', '')
>>>
exarkun@charm:~$ python
Python 2.4.3 (#2, Oct  6 2006, 07:52:30)
[GCC 4.0.3 (Ubuntu 4.0.3-1ubuntu5)] on linux2
Type ""help"", ""copyright"", ""credits"" or ""license"" for more information.
>>> import urlparse
>>> urlparse.urlparse(u'http://hello/world')
(u'http', u'hello', u'/world', '', '', '')
>>> urlparse.urlparse('http://hello/world')
(u'http', u'hello', u'/world', '', '', '')
>>>
}}}

One ought never to pass unicode strings to urlparse, most likely, but given that if any code in your process does it, your otherwise correct code might suffer the consequences, it is probably worth taking additional precautions around urlparse usage.
",defect,closed,highest,,web,fixed,,,,,