Add URI parsing warning (#21547)

Related to CVE-2021-41259 https://github.com/nim-lang/security/security/advisories/GHSA-3gg2-rw3q-qwgc https://github.com/nim-lang/Nim/pull/19128#issuecomment-1181944367
2026-06-07 04:14:19 +00:00 · 2023-03-20 17:51:58 +00:00
parent da7833c68b
commit 9df8ca0d81
2 changed files with 4 additions and 0 deletions
--- a/lib/pure/httpclient.nim
+++ b/lib/pure/httpclient.nim
@@ -10,6 +10,8 @@
 ## This module implements a simple HTTP client that can be used to retrieve
 ## webpages and other data.
 ##
+## .. warning:: Validate untrusted inputs: URI parsers and getters are not detecting malicious URIs.
+##
 ## Retrieving a website
 ## ====================
 ##
--- a/lib/pure/uri.nim
+++ b/lib/pure/uri.nim
@@ -14,6 +14,8 @@
 ## as a locator, a name, or both. The term "Uniform Resource Locator"
 ## (URL) refers to the subset of URIs.
 ##
+## .. warning:: URI parsers in this module do not perform security validation.
+##
 ## # Basic usage