Comment by scott_w
2 months ago
> But when you talk about URL parsing in a linter or a regexp in logging code, I think you're implying that the bugs are unimportant, in part, because the code only handles trusted input.

It is a bug but it’s not necessarily a security hole in the library. That’s what OP is saying.
Yes, that’s the OP’s main point, but their choice of examples suggests that they are also thinking about trusted input.
In the context of security holes.