When URL parsers disagree (CVE-2023-38633, librsvg)

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Whatwg Waf Url Cloudflare Standard

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • wirefilter

    An execution engine for Wireshark-like filters

    • Out of interest, was this the project that eventually became wirefilter [1]?

    [1]: https://github.com/cloudflare/wirefilter

  • firewalker

    Testing framework for Cloudflare Firewall rules

    • Thank you for releasing it! I adopted wirefilter for a firewall rule testing project, firewalker [1]. But indeed, I wish Cloudflare kept maintaining its OSS version.

    [1]: https://github.com/SerCeMan/firewalker/

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • CPython

    The Python programming language

    • Speaking of URL parsing differences, Python's urllib library recently had a CVE for failing to strip whitespace from the scheme and domain.

    https://github.com/python/cpython/issues/102153

  • url

    URL Standard

    • Browsers have discrepancies too of course. Here's an interesting Chromium bug I've been following: https://bugs.chromium.org/p/chromium/issues/detail?id=125253... and an associated WHATWG discussion: https://github.com/whatwg/url/issues/606

    Some multiple examples of browsers disagreeing: https://www.yagiz.co/url-parsing-and-browser-differences

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts