This repository has been archived on 2024-01-04. You can view files and clone it, but cannot push or open issues or pull requests.
forgejo/modules/context
zeripath 0b1686b67a
Prevent redirect to Host (2) (#19175)
Unhelpfully, Locations starting with `/\` will be converted by the
browser to `//` because ... well I do not fully understand. Certainly
the RFCs and MDN do not indicate that this would be expected. Providing
"compatibility" with the (mis)behaviour of a certain proprietary OS is
my suspicion. However, we clearly have to protect against this.

Therefore we should reject redirection locations that match the regular
expression: `^/[\\\\/]+`

Reference #9678

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-23 16:12:36 +00:00
..
access_log.go
api.go Update HTTP status codes to modern codes (#18063) 2022-03-23 12:54:07 +08:00
api_org.go
api_test.go
auth.go Renamed ctx.User to ctx.Doer. (#19161) 2022-03-22 15:03:22 +08:00
captcha.go
context.go Prevent redirect to Host (2) (#19175) 2022-03-23 16:12:36 +00:00
csrf.go
form.go
org.go Renamed ctx.User to ctx.Doer. (#19161) 2022-03-22 15:03:22 +08:00
pagination.go
permission.go Renamed ctx.User to ctx.Doer. (#19161) 2022-03-22 15:03:22 +08:00
private.go
repo.go Redirect .wiki/* ui link to /wiki (#18831) 2022-03-23 13:29:18 +00:00
response.go
xsrf.go
xsrf_test.go