author | Vishal Tak <vtak@gitlab.com> | 2022-06-20 15:11:36 +0300 |
---|---|---|
committer | Vishal Tak <vtak@gitlab.com> | 2022-06-20 15:56:32 +0300 |
commit | ca6db0ba6ba8b85d064b4bc3fe89795e78496df8 (patch) | |
tree | 9e44fe14f6e23a87a796366053c26ea3d53c8130 /internal/redirects/validations.go | |
parent | 24344cc0b0c24e16939a93a610dc09eacece6deb (diff) |
Fix domain level redirectsfix-redirects
Do not allow domain level redirects through special characters
Changelog: fixed
Diffstat (limited to 'internal/redirects/validations.go')
-rw-r--r-- | internal/redirects/validations.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/internal/redirects/validations.go b/internal/redirects/validations.go
index 5264f731..ed022f52 100644
--- a/internal/redirects/validations.go
+++ b/internal/redirects/validations.go
@@ -28,7 +28,8 @@ func validateURL(urlText string) error {
 // No support for domain-level redirects to outside sites:
 // - `https://google.com`
 // - `//google.com`
- if url.Host != "" || url.Scheme != "" {
+ // - `/\google.com`
+ if url.Host != "" || url.Scheme != "" || strings.HasPrefix(url.Path, "/\\") {
 return errNoDomainLevelRedirects
 } |
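Review bot: The new `strings.HasPrefix(url.Path, "/\\")` condition has no comment saying why a leading `/\` counts as a domain-level redirect; the list above it only adds the example. Browsers treat `\` as `/` when resolving http(s) URLs, so the rule is followed like `//google.com`, and a line such as `// browsers normalise "\" to "/", so "/\host" resolves like "//host"` would stop the check from being simplified away later. The condition is a denylist of one exact prefix evaluated on the decoded `url.Path`, so it is worth pinning with table-test cases for `/\google.com` and its percent-encoded form, and deciding whether a backslash should be accepted anywhere in a redirect path at all. validateURL starts and ends outside this hunk, so any earlier normalisation or prefix checks are not visible here.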