fix: don't send invalid URLs back to the user #16687
Codecov Report
@@ Coverage Diff @@
## master #16687 +/- ##
==========================================
- Coverage 76.93% 76.85% -0.08%
==========================================
Files 1005 1005
Lines 54049 54056 +7
Branches 7339 7339
==========================================
- Hits 41581 41547 -34
- Misses 12228 12269 +41
Partials 240 240
* fix: don't send bogus URLs back to the user * lint, remove f string (cherry picked from commit 5ac8ac0)
* fix: don't send bogus URLs back to the user * lint, remove f string
SUMMARY
Avoid sending a bogus URL back to the user; these can apparently cause a reflected XSS issue, yet the only possible victim is the attacker himself.
ADDITIONAL INFORMATION
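
The pattern the summary describes, as an added example that is not code from this pull request: an error path that echoes a rejected URL into the response, next to one that returns a constant message. All function names, the validation rules and the sample URL are assumptions made for illustration.

```python
import html
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
MARKUP_CHARS = "<>\"'` \t\r\n"

# Constructed sample input: a syntactically odd URL carrying markup.
SAMPLE_BAD_URL = "https://example.invalid/?q=<script>alert(1)</script>"


def is_valid_url(url: str) -> bool:
    """Accept only absolute http(s) URLs with a host and no markup characters."""
    try:
        parts = urlparse(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return False
    return not any(ch in url for ch in MARKUP_CHARS)


def error_body_reflecting(url: str) -> str:
    """'Before' pattern: the rejected value is interpolated into the HTML body."""
    return "<p>Invalid URL: " + url + "</p>"


def error_body_fixed(url: str) -> str:
    """'After' pattern: constant message, nothing from the request is echoed."""
    return "<p>Invalid URL</p>"


def error_body_escaped(url: str) -> str:
    """Alternative when the value must be shown: HTML-escape it first."""
    return "<p>Invalid URL: " + html.escape(url) + "</p>"


def handle(url: str, render_error) -> tuple:
    """Hypothetical request handler: validate, then pick the response body."""
    if is_valid_url(url):
        return 200, "<p>OK</p>"
    return 400, render_error(url)


if __name__ == "__main__":
    for renderer in (error_body_reflecting, error_body_fixed, error_body_escaped):
        print(renderer.__name__, handle(SAMPLE_BAD_URL, renderer))
```
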