by Goofy_Coyote 1177 days ago
Pardon my ignorance, serious question: Why is this a big deal? I'm probably underestimating the work needed, but it doesn't look like a hard thing to write. What am I missing?
4 comments

Over the years, curl itself has had 9 CVEs relating to handling URLs [0] so this is most definitely not a trivial piece of code to write. The basic case is easy, yes. Getting everything in the spec right and then some is hard.

[0] https://curl.se/docs/security.html

And, now I'm scared of establishing a TLS connection with untrusted servers after reading CVE-2021-22901 from that page. Remote code execution from an adversarial *server*. I can understand an adversarial client, but that just expanded the things of which I'm wary.

I had to implement a routine involving URL parsing in a library that is supposed to be behavior-identical across implementations in multiple languages. That was fun.

Is it somehow better than the stuff available in mainstream languages (Go net/url, Python yarl, etc)?

Or is it just that this is focused on command-line usage?

I will be using this at work tomorrow.

I currently parse out this stuff using a flaky little bit of Python I cooked up myself and it gives me no end of grief when scaled. So many awful edge cases.

The author wrote curl, so I know it's going to do what it says it does well.

That's why it's getting love. It's a rock star dev putting out open source code many of us will absolutely be using regularly.

Way classier than yet another "product" built on the OpenAI API that will be gone in a year.

Why not use urllib.parse?

Hah, I may well do! I think the other thing here is me not realising I needed something till I saw it :-)

From the blog post introducing trurl:

> URLs are tricky to parse and there are numerous security problems in software because of this. trurl wants to help soften this problem by taking away the need for script and command line authors everywhere to re-invent the wheel over and over.

When I was building my CI jobs at $job I needed URL manipulation in shell. Had to use Python inline, but it was long and ugly... trurl simplified it a bit.