diff -uNrp a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
--- a/Lib/test/test_urlparse.py	2019-12-21 15:41:32.172000000 +0800
+++ b/Lib/test/test_urlparse.py	2019-12-21 15:44:28.316000000 +0800
@@ -641,6 +641,12 @@ class UrlParseTestCase(unittest.TestCase
         self.assertIn(u'\u2100', denorm_chars)
         self.assertIn(u'\uFF03', denorm_chars)
 
+        # bpo-36742: Verify port separators are ignored when they
+        # existed prior to decomposition
+        urlparse.urlsplit(u'http://\u30d5\u309a:80')
+        with self.assertRaises(ValueError):
+            urlparse.urlsplit(u'http://\u30d5\u309a\ufe1380')
+
         for scheme in [u"http", u"https", u"ftp"]:
             for c in denorm_chars:
                 url = u"{}://netloc{}false.netloc/path".format(scheme, c)
diff -uNrp a/Lib/urlparse.py b/Lib/urlparse.py
--- a/Lib/urlparse.py	2019-12-21 15:41:32.080000000 +0800
+++ b/Lib/urlparse.py	2019-12-21 15:46:11.480000000 +0800
@@ -171,13 +171,17 @@ def _checknetloc(netloc):
     # looking for characters like \u2100 that expand to 'a/c'
     # IDNA uses NFKC equivalence, so normalize for this check
     import unicodedata
-    netloc2 = unicodedata.normalize('NFKC', netloc)
-    if netloc == netloc2:
+    n = netloc.rpartition('@')[2] # ignore anything to the left of '@'
+    n = n.replace(':', '')        # ignore characters already included
+    n = n.replace('#', '')        # but not the surrounding text
+    n = n.replace('?', '')
+    netloc2 = unicodedata.normalize('NFKC', n)
+    if n == netloc2:
         return
     _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
     for c in '/?#@:':
         if c in netloc2:
-            raise ValueError("netloc '" + netloc2 + "' contains invalid " +
+            raise ValueError("netloc '" + netloc + "' contains invalid " +
                              "characters under NFKC normalization")
 
 def urlsplit(url, scheme='', allow_fragments=True):
diff -uNrp a/Misc/NEWS.d/next/Security/2019-04-29-15-34-59.bpo-36742.QCUY0i.rst b/Misc/NEWS.d/next/Security/2019-04-29-15-34-59.bpo-36742.QCUY0i.rst
--- a/Misc/NEWS.d/next/Security/2019-04-29-15-34-59.bpo-36742.QCUY0i.rst	1970-01-01 08:00:00.000000000 +0800
+++ b/Misc/NEWS.d/next/Security/2019-04-29-15-34-59.bpo-36742.QCUY0i.rst	2019-12-21 15:53:31.188000000 +0800
@@ -0,0 +1 @@
+Fixes mishandling of pre-normalization characters in urlsplit().