mirror of
https://github.com/go-gitea/gitea
synced 2024-10-31 16:53:25 +01:00
0b1686b67a
Unhelpfully Locations starting with `/\` will be converted by the browser to `//` because ... well I do not fully understand. Certainly the RFCs and MDN do not indicate that this would be expected. Providing "compatibility" with the (mis)behaviour of a certain proprietary OS is my suspicion. However, we clearly have to protect against this. Therefore we should reject redirection locations that match the regular expression: `^/[\\\\/]+` Reference #9678 Signed-off-by: Andrew Thornton <art27@cantab.net> |
||
---|---|---|
.. | ||
access_log.go | ||
api_org.go | ||
api_test.go | ||
api.go | ||
auth.go | ||
captcha.go | ||
context.go | ||
csrf.go | ||
form.go | ||
org.go | ||
pagination.go | ||
permission.go | ||
private.go | ||
repo.go | ||
response.go | ||
xsrf_test.go | ||
xsrf.go |