gh-149144: Use decodeURIComponent() for UTF-8 support in js_output() by sethmlarson · Pull Request #149157 · python/cpython

sethmlarson · 2026-04-29T14:45:32Z

Related to #90309. Fixes a bug in the security fix #148848

The JavaScript function atob() only outputs strings in latin-1, not in utf-8. decodeURIComponent outputs to UTF-8. Tested in Firefox and Chrome and the function decodeURIComponent is supported by IE 5.5+.

Python:

>>> import urllib.parse as u
>>> u.quote('Ł/😀', safe='', encoding='utf-8')
'%C5%81%2F%F0%9F%98%80'

JavaScript (Firefox, Chrome):

>>> decodeURIComponent("%C5%81%2F%F0%9F%98%80")
<<< "Ł/😀"

Issue: CVE-2026-6019 fix does not handle non-ascii chars correctly #149144

…put()

miss-islington-app · 2026-05-14T21:10:43Z

Thanks @sethmlarson for the PR, and @encukou for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13, 3.14, 3.15.
🐍🍒⛏🤖

miss-islington-app · 2026-05-14T21:10:53Z

Sorry, @sethmlarson and @encukou, I could not cleanly backport this to 3.14 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 461b1d96313de02992d284c1782be9aff24586c9 3.14

bedevere-app · 2026-05-14T21:10:57Z

GH-149846 is a backport of this pull request to the 3.15 branch.

miss-islington-app · 2026-05-14T21:10:59Z

Sorry, @sethmlarson and @encukou, I could not cleanly backport this to 3.13 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker 461b1d96313de02992d284c1782be9aff24586c9 3.13

bedevere-bot · 2026-05-14T21:34:02Z

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot iOS ARM64 Simulator 3.x (tier-3) has failed when building commit 461b1d9.

What do you need to do:

Don't panic.
Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
Go to the page of the buildbot that failed (https://buildbot.python.org/#/builders/1380/builds/6642) and take a look at the build logs.
Check if the failure is related to this commit (461b1d9) or if it is a false positive.
If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/#/builders/1380/builds/6642

Summary of the results of the build (if available):

Click to see traceback logs

remote: Enumerating objects: 7, done.        
remote: Counting objects:  25% (1/4)        
remote: Counting objects:  50% (2/4)        
remote: Counting objects:  75% (3/4)        
remote: Counting objects: 100% (4/4)        
remote: Counting objects: 100% (4/4), done.        
remote: Compressing objects:  25% (1/4)        
remote: Compressing objects:  50% (2/4)        
remote: Compressing objects:  75% (3/4)        
remote: Compressing objects: 100% (4/4)        
remote: Compressing objects: 100% (4/4), done.        
remote: Total 7 (delta 0), reused 0 (delta 0), pack-reused 3 (from 1)        
From https://github.com/python/cpython
 * branch                    main       -> FETCH_HEAD
Note: switching to '461b1d96313de02992d284c1782be9aff24586c9'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:

  git switch -c <new-branch-name>

Or undo this operation with:

  git switch -

Turn off this advice by setting config variable advice.detachedHead to false

HEAD is now at 461b1d96313 gh-149144: Use decodeURIComponent() for UTF-8 support in js_output() (GH-149157)
Switched to and reset branch 'main'

configure: WARNING: no system libmpdec found; falling back to pure-Python version for the decimal module
configure: WARNING: pkg-config is missing. Some dependencies may not be detected correctly.

configure: WARNING: unrecognized options: --with-system-libmpdec
configure: WARNING: unrecognized options: --with-system-libmpdec
configure: WARNING: pkg-config is missing. Some dependencies may not be detected correctly.
ld: warning: ignoring duplicate libraries: '-lm'
In file included from ../../Modules/_remote_debugging/module.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/gc_stats.c:7:
In file included from ../../Modules/_remote_debugging/gc_stats.h:14:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
In file included from ../../Modules/_remote_debugging/object_reading.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/code_objects.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
In file included from ../../Modules/_remote_debugging/frames.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
1 warning generated.
In file included from ../../Modules/_remote_debugging/frame_cache.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
In file included from ../../Modules/_remote_debugging/threads.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
In file included from ../../Modules/_remote_debugging/binary_io_writer.c:13:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/asyncio.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
In file included from ../../Modules/_remote_debugging/binary_io_reader.c:13:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/subprocess.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../Modules/_remote_debugging/subprocess.c:100:1: warning: unused function 'find_children_bfs' [-Wunused-function]
  100 | find_children_bfs(pid_t target_pid, int recursive,
      | ^~~~~~~~~~~~~~~~~
2 warnings generated.
In file included from ../../Modules/_remote_debugging/interpreters.c:7:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
1 warning generated.
1 warning generated.
1 warning generated.
ld: warning: ignoring duplicate libraries: '-lm'
configure: WARNING: unrecognized options: --with-system-libmpdec
configure: WARNING: unrecognized options: --with-system-libmpdec
configure: WARNING: pkg-config is missing. Some dependencies may not be detected correctly.
ld: warning: ignoring duplicate libraries: '-lm'
In file included from ../../Modules/_remote_debugging/module.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/gc_stats.c:7:
In file included from ../../Modules/_remote_debugging/gc_stats.h:14:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
In file included from ../../Modules/_remote_debugging/code_objects.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/object_reading.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/frames.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
1 warning generated.
In file included from ../../Modules/_remote_debugging/frame_cache.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
1 warning generated.
In file included from ../../Modules/_remote_debugging/binary_io_reader.c:13:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
In file included from ../../Modules/_remote_debugging/threads.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/asyncio.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/binary_io_writer.c:13:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
In file included from ../../Modules/_remote_debugging/subprocess.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../Modules/_remote_debugging/subprocess.c:100:1: warning: unused function 'find_children_bfs' [-Wunused-function]
  100 | find_children_bfs(pid_t target_pid, int recursive,
      | ^~~~~~~~~~~~~~~~~
2 warnings generated.
In file included from ../../Modules/_remote_debugging/interpreters.c:7:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
1 warning generated.
1 warning generated.
1 warning generated.
ld: warning: ignoring duplicate libraries: '-lm'
configure: WARNING: unrecognized options: --with-system-libmpdec
configure: WARNING: x86_64-apple-ios-simulator/clang is not supported
configure: WARNING: unrecognized options: --with-system-libmpdec
configure: WARNING: pkg-config is missing. Some dependencies may not be detected correctly.
configure: WARNING:

Platform "x86_64-apple-ios-simulator" with compiler "clang" is not supported by the
CPython core team, see https://peps.python.org/pep-0011/ for more information.

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libpython3.16.a(brc.o) has no symbols
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libpython3.16.a(dynamic_annotations.o) has no symbols
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libpython3.16.a(gc_free_threading.o) has no symbols
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libpython3.16.a(index_pool.o) has no symbols
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libpython3.16.a(jit.o) has no symbols
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libpython3.16.a(jit_publish.o) has no symbols
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libpython3.16.a(optimizer_analysis.o) has no symbols
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libpython3.16.a(optimizer_symbols.o) has no symbols
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libpython3.16.a(pystats.o) has no symbols
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libpython3.16.a(stackrefs.o) has no symbols
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libpython3.16.a(uniqueid.o) has no symbols
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libpython3.16.a(perf_jit_trampoline.o) has no symbols
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: libpython3.16.a(jit_unwind.o) has no symbols
ld: warning: ignoring duplicate libraries: '-lm'
In file included from ../../Modules/_remote_debugging/module.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/gc_stats.c:7:
In file included from ../../Modules/_remote_debugging/gc_stats.h:14:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
In file included from ../../Modules/_remote_debugging/object_reading.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/code_objects.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/frames.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
1 warning generated.
1 warning generated.
In file included from ../../Modules/_remote_debugging/frame_cache.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/binary_io_writer.c:13:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/asyncio.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/binary_io_reader.c:13:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/threads.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../../Modules/_remote_debugging/subprocess.c:8:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../Modules/_remote_debugging/subprocess.c:100:1: warning: unused function 'find_children_bfs' [-Wunused-function]
  100 | find_children_bfs(pid_t target_pid, int recursive,
      | ^~~~~~~~~~~~~~~~~
1 warning generated.
2 warnings generated.
1 warning generated.
1 warning generated.
1 warning generated.
1 warning generated.
In file included from ../../Modules/_remote_debugging/interpreters.c:7:
In file included from ../../Modules/_remote_debugging/_remote_debugging.h:34:
../../Modules/_remote_debugging/../../Python/remote_debug.h:165:1: warning: unused function '_Py_RemoteDebug_ValidatePyRuntimeCookie' [-Wunused-function]
  165 | _Py_RemoteDebug_ValidatePyRuntimeCookie(proc_handle_t *handle, uintptr_t address)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
1 warning generated.
ld: warning: ignoring duplicate libraries: '-lm'

--- xcodebuild: WARNING: Using the first of multiple matching destinations:
{ platform:iOS Simulator, id:4F9AFDE7-A49A-46AD-B161-FCA22E48EA55, OS:18.3.1, name:iPhone SE (3rd generation) }
{ platform:iOS Simulator, id:4F9AFDE7-A49A-46AD-B161-FCA22E48EA55, OS:18.3.1, name:iPhone SE (3rd generation) }

…tput() (GH-149157) (GH-149846) gh-149144: Use decodeURIComponent() for UTF-8 support in js_output() (GH-149157) (cherry picked from commit 461b1d9) Co-authored-by: Seth Larson <seth@python.org>

bedevere-app · 2026-05-14T22:47:06Z

GH-149849 is a backport of this pull request to the 3.14 branch.

bedevere-bot · 2026-05-14T23:18:20Z

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot s390x Fedora Stable Refleaks 3.x (tier-3) has failed when building commit 461b1d9.

What do you need to do:

Don't panic.
Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
Go to the page of the buildbot that failed (https://buildbot.python.org/#/builders/1641/builds/2111) and take a look at the build logs.
Check if the failure is related to this commit (461b1d9) or if it is a false positive.
If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/#/builders/1641/builds/2111

Failed tests:

test.test_multiprocessing_fork.test_processes

Failed subtests:

test_interrupt - test.test_multiprocessing_fork.test_processes.WithProcessesTestProcess.test_interrupt

Summary of the results of the build (if available):

==

Click to see traceback logs

Traceback (most recent call last):
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/multiprocessing/process.py", line 320, in _bootstrap
    self.run()
    ~~~~~~~~^^
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
    ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/test/_test_multiprocessing.py", line 577, in _sleep_some_event
    time.sleep(100)
    ~~~~~~~~~~^^^^^
KeyboardInterrupt
k


Traceback (most recent call last):
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/contextlib.py", line 116, in inner
    return func(*args, **kwds)
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/test/_test_multiprocessing.py", line 649, in test_interrupt
    exitcode = self._kill_process(multiprocessing.Process.interrupt)
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/contextlib.py", line 116, in inner
    return func(*args, **kwds)
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/test/_test_multiprocessing.py", line 630, in _kill_process
    self.assertEqual(join(), None)
                     ~~~~^^
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/test/_test_multiprocessing.py", line 303, in __call__
    return self.func(*args, **kwds)
           ~~~~~~~~~^^^^^^^^^^^^^^^
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/multiprocessing/process.py", line 156, in join
    res = self._popen.wait(timeout)
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/multiprocessing/popen_fork.py", line 44, in wait
    return self.poll(os.WNOHANG if timeout == 0.0 else 0)
           ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/multiprocessing/popen_fork.py", line 28, in poll
    pid, sts = os.waitpid(self.pid, flag)
               ~~~~~~~~~~^^^^^^^^^^^^^^^^
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/test/_test_multiprocessing.py", line 626, in handler
    raise RuntimeError('join took too long: %s' % p)
RuntimeError: join took too long: <Process name='Process-1319' pid=724984 parent=705040 started daemon>


Traceback (most recent call last):
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/contextlib.py", line 116, in inner
    return func(*args, **kwds)
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/test/_test_multiprocessing.py", line 649, in test_interrupt
    exitcode = self._kill_process(multiprocessing.Process.interrupt)
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/contextlib.py", line 116, in inner
    return func(*args, **kwds)
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/test/_test_multiprocessing.py", line 630, in _kill_process
    self.assertEqual(join(), None)
                     ~~~~^^
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/test/_test_multiprocessing.py", line 303, in __call__
    return self.func(*args, **kwds)
           ~~~~~~~~~^^^^^^^^^^^^^^^
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/multiprocessing/process.py", line 156, in join
    res = self._popen.wait(timeout)
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/multiprocessing/popen_fork.py", line 44, in wait
    return self.poll(os.WNOHANG if timeout == 0.0 else 0)
           ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/multiprocessing/popen_fork.py", line 28, in poll
    pid, sts = os.waitpid(self.pid, flag)
               ~~~~~~~~~~^^^^^^^^^^^^^^^^
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/test/_test_multiprocessing.py", line 626, in handler
    raise RuntimeError('join took too long: %s' % p)
RuntimeError: join took too long: <Process name='Process-2' pid=755955 parent=755951 started daemon>


Traceback (most recent call last):
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/multiprocessing/process.py", line 320, in _bootstrap
    self.run()
    ~~~~~~~~^^
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/multiprocessing/process.py", line 108, in run
    self._target(*self._args, **self._kwargs)
    ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/test/_test_multiprocessing.py", line 577, in _sleep_some_event
    time.sleep(100)
    ~~~~~~~~~~^^^^^
  File "/var/lib/buildbot/worker/cstratak-fedora-stable-s390x/3.x.cstratak-fedora-stable-s390x.refleak/build/Lib/test/libregrtest/setup.py", line 84, in _test_audit_hook
    def _test_audit_hook(name, args):
    
KeyboardInterrupt
k

pythongh-149144: Use decodeURIComponent() for UTF-8 support in js_out…

639e32a

…put()

sethmlarson added the type-security A security issue label Apr 29, 2026

bedevere-app Bot added the awaiting review label Apr 29, 2026

bedevere-app Bot mentioned this pull request Apr 29, 2026

CVE-2026-6019 fix does not handle non-ascii chars correctly #149144

Open

sethmlarson requested review from picnixz and serhiy-storchaka and removed request for picnixz April 29, 2026 14:45

StanFromIreland reviewed Apr 29, 2026

View reviewed changes

Comment thread Misc/NEWS.d/next/Security/2026-04-29-09-20-00.gh-issue-149144.knfL8K.rst Outdated

sethmlarson added the skip news label Apr 29, 2026

Delete newsfragment

b74e8e4

sethmlarson requested a review from StanFromIreland April 29, 2026 15:23

Merge in the main branch

192209f

encukou added needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes needs backport to 3.15 pre-release feature fixes, bugs and security fixes labels May 13, 2026

encukou approved these changes May 14, 2026

View reviewed changes

bedevere-app Bot added awaiting merge and removed awaiting review labels May 14, 2026

encukou merged commit 461b1d9 into python:main May 14, 2026
99 of 101 checks passed

bedevere-app Bot removed the awaiting merge label May 14, 2026

miss-islington-app Bot assigned encukou May 14, 2026

bedevere-app Bot removed the needs backport to 3.15 pre-release feature fixes, bugs and security fixes label May 14, 2026

bedevere-app Bot removed the needs backport to 3.14 bugs and security fixes label May 14, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

gh-149144: Use decodeURIComponent() for UTF-8 support in js_output()#149157

gh-149144: Use decodeURIComponent() for UTF-8 support in js_output()#149157
encukou merged 3 commits into
python:mainfrom
sethmlarson:js-cookie-percent-encoding

sethmlarson commented Apr 29, 2026 •

edited by bedevere-app Bot

Loading

Uh oh!

Uh oh!

Uh oh!

miss-islington-app Bot commented May 14, 2026

Uh oh!

miss-islington-app Bot commented May 14, 2026

Uh oh!

bedevere-app Bot commented May 14, 2026

Uh oh!

miss-islington-app Bot commented May 14, 2026

Uh oh!

bedevere-bot commented May 14, 2026

Uh oh!

bedevere-app Bot commented May 14, 2026

Uh oh!

bedevere-bot commented May 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Uh oh!

Conversation

sethmlarson commented Apr 29, 2026 • edited by bedevere-app Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

miss-islington-app Bot commented May 14, 2026

Uh oh!

miss-islington-app Bot commented May 14, 2026

Uh oh!

bedevere-app Bot commented May 14, 2026

Uh oh!

miss-islington-app Bot commented May 14, 2026

Uh oh!

bedevere-bot commented May 14, 2026

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Uh oh!

bedevere-app Bot commented May 14, 2026

Uh oh!

bedevere-bot commented May 14, 2026

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

sethmlarson commented Apr 29, 2026 •

edited by bedevere-app Bot

Loading