Can't agree more that URL syntax is overcomplicated. Even existing URL parsing libraries behave inconsistently and lead to security vulnerabilities [0].
Without commentary these slides are entirely unhelpful. Someone would have to agree with you already and have a head start on the purpose this presentation in order to understand what is going on here.
The premise is that URL parsing is complex and libraries get it wrong. This problem is pervasive and leads to server side request forgery vulnerabilities, which Orange was able to escalate to remote code execution on Github.
jklinger410|8 years ago
Care to elaborate?
arkadiyt|8 years ago
https://www.youtube.com/watch?v=D1S-G8rJrEk
He also has a blog post about it:
http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilitie...
The premise is that URL parsing is complex and libraries get it wrong. This problem is pervasive and leads to server side request forgery vulnerabilities, which Orange was able to escalate to remote code execution on Github.