You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Unhelpfully Locations starting with `/\` will be converted by the browser to `//` because ... well I do not fully understand. Certainly the RFCs and MDN do not indicate that this would be expected. Providing "compatibility" with the (mis)behaviour of a certain proprietary OS is my suspicion. However, we clearly have to protect against this. Therefore we should reject redirection locations that match the regular expression: `^/[\\\\/]+` Reference #9678 Signed-off-by: Andrew Thornton <art27@cantab.net> |
2 years ago | |
---|---|---|
.. | ||
access_log.go | 3 years ago | |
api.go | 2 years ago | |
api_org.go | 3 years ago | |
api_test.go | 2 years ago | |
auth.go | 2 years ago | |
captcha.go | 2 years ago | |
context.go | 2 years ago | |
csrf.go | 2 years ago | |
form.go | 2 years ago | |
org.go | 2 years ago | |
pagination.go | 2 years ago | |
permission.go | 2 years ago | |
private.go | 2 years ago | |
repo.go | 2 years ago | |
response.go | 2 years ago | |
xsrf.go | 3 years ago | |
xsrf_test.go | 3 years ago |