org.eclipse.jetty:jetty-http has different parsing of invalid URIs

The Jetty URI parser has some key differences compared to other common parsers when evaluating invalid or unusual URIs. Specifically: Invalid Scheme | URI | Jetty | uri-js nodejs | node-urlnodejs | |---|---|---| --- | | https://vulndetector.com/path | scheme=http| scheme=https | invalid URI |...

PYSEC-2012-2

The 1 django.http.HttpResponseRedirect and 2 django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting XSS attacks via a data: URL...