Skip to content

Commit 8700060

Browse files
fionnfionn
committed
Open web browser with absolute path
On macOS, web browsers are opened via popen calling osascript. However, if a user has a colliding osascript executable earlier in their PATH, this may fail or cause unwanted behaviour. Depending on one's environment or level of paranoia, this may be considered a security vulnerability.
1 parent 3964f97 commit 8700060

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

Lib/test/test_webbrowser.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -343,7 +343,7 @@ def test_default_open(self):
343343
url = "https://python.org"
344344
self.browser.open(url)
345345
self.assertTrue(self.popen_pipe._closed)
346-
self.assertEqual(self.popen_pipe.cmd, "osascript")
346+
self.assertEqual(self.popen_pipe.cmd, "/usr/bin/osascript")
347347
script = self.popen_pipe.pipe.getvalue()
348348
self.assertEqual(script.strip(), f'open location "{url}"')
349349

Lib/webbrowser.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -644,7 +644,7 @@ def open(self, url, new=0, autoraise=True):
644644
end
645645
'''
646646

647-
osapipe = os.popen("osascript", "w")
647+
osapipe = os.popen("/usr/bin/osascript", "w")
648648
if osapipe is None:
649649
return False
650650

0 commit comments

Comments
 (0)