by Etheryte 1169 days ago
Over the years, curl itself has had 9 CVEs relating to handling URLs [0] so this is most definitely not a trivial piece of code to write. The basic case is easy, yes. Getting everything in the spec right and then some is hard.

[0] https://curl.se/docs/security.html

3 comments

And, now I'm scared of establishing a TLS connection with untrusted servers after reading CVE-2021-22901 from that page. Remote code execution from an adversarial *server*. I can understand an adversarial client, but that just expanded the things of which I'm wary.
I had to implement a routine involving URL parsing in a library that is supposed to be behavior-identical across implementations in multiple languages. That was fun.
Is it somehow better than the stuff available in mainstream languages (Go net/url, Python yarl, etc.)?

Or is it just that this is focused on command-line usage?