[3.10] bpo-43882 - Mention urllib.parse changes in Whats new section. (GH-26275)

* [3.10] bpo-43882 - Mention urllib.parse changes in Whats new section.

* escape the \n chars, ReSTify :rfc:, urllib.parse is a :mod:

* minor formatting.

Co-authored-by: Gregory P. Smith <[email protected]>

Author: orsenthil

Doc/whatsnew/3.10.rst

@@ -1337,6 +1337,13 @@ functions internally.  For more details, please see their respective
 documentation.
 (Contributed by Adam Goldschmidt, Senthil Kumaran and Ken Jin in :issue:`42967`.)
 
+The presence of newline or tab characters in parts of a URL allows for some
+forms of attacks. Following the WHATWG specification that updates :rfc:`3986`,
+ASCII newline ``\n``, ``\r`` and tab ``\t`` characters are stripped from the
+URL by the parser in :mod:`urllib.parse` preventing such attacks. The removal
+characters are controlled by a new module level variable
+``urllib.parse._UNSAFE_URL_BYTES_TO_REMOVE``. (See :issue:`43882`)
+
 xml
 ---