From 54066f5d09dce2c96ddda6e25f33cf8fa5d50801 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 13 Jun 2018 11:24:34 +0200
Subject: TODO: "Option to refuse usernames in URLs" done
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Implemented by Björn in 946ce5b61f
---
 docs/TODO | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/docs/TODO b/docs/TODO
index 3d58717b4..cea637868 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -17,7 +17,6 @@
  All bugs documented in the KNOWN_BUGS document are subject for fixing!
 
  1. libcurl
- 1.1 Option to refuse usernames in URLs
  1.2 More data sharing
  1.3 struct lifreq
  1.4 signal-based resolver timeouts
@@ -189,16 +188,6 @@
 
 1. libcurl
 
-1.1 Option to refuse usernames in URLs
-
- There's a certain risk for application in allowing user names in URLs. For
- example: if the wrong person gets to set the URL and manages to set a user
- name in there when .netrc is used, the application may send along a password
- that otherwise the person couldn't provide.
-
- A new libcurl option could be added to allow applications to switch off this
- feature and thus avoid a potential risk.
-
 1.2 More data sharing
 
  curl_share_* functions already exist and work, and they can be extended to
-- 
cgit v1.2.1