Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Prevent redirect to Host (2) (go-gitea#19175) (go-gitea#19186)
Backport go-gitea#19175 Unhelpfully Locations starting with `/\` will be converted by the browser to `//` because ... well I do not fully understand. Certainly the RFCs and MDN do not indicate that this would be expected. Providing "compatibility" with the (mis)behaviour of a certain proprietary OS is my suspicion. However, we clearly have to protect against this. Therefore we should reject redirection locations that match the regular expression: `^/[\\\\/]+` Reference go-gitea#9678 Signed-off-by: Andrew Thornton <art27@cantab.net>
- Loading branch information