fix Response.redirect URL handling #5302

Open
Monti-27 wants to merge 1 commit into boa-dev:main from Monti-27:redirectfix

Monti-27 commented Apr 5, 2026

Fixes #5301.

Response.redirect() was validating the input with a generic URI check and then writing the original string into the Location header. That meant absolute URLs were not serialized, and relative URLs like /foo were accepted.

This changes Response.redirect() to parse the target as a URL and store the serialized parsed URL in Location. It also enables the url dependency under the fetch feature so the non-default build stays correct.

Tests cover:

  • serializing parsed absolute URLs
  • preserving fragments
  • rejecting relative redirect targets
  • rejecting values that coerce to non-URL strings

Checks:

  • cargo test -p boa_runtime response -- --nocapture
  • cargo test -p boa_runtime --no-default-features --features fetch response_redirect -- --nocapture
  • cargo clippy -p boa_runtime --all-features --all-targets -- -D warnings
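
The behaviour this description targets, as an added JavaScript example (not code from the PR or from Boa): the target is parsed as an absolute URL and the serialized form, not the caller's string, becomes the `Location` value. The helper names and sample inputs are constructed for illustration, and the sketch assumes a runtime with no base URL, so relative targets fail to parse.

```javascript
// Redirect statuses permitted by the Fetch spec for Response.redirect().
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);

// Hypothetical helper (not Boa's code): returns the status and Location value
// a redirect response should carry when no base URL is available.
function redirectLocation(target, status = 302) {
  let parsed;
  try {
    // No base URL is passed, so relative targets such as "/foo" are rejected.
    parsed = new URL(String(target));
  } catch {
    throw new TypeError(`invalid redirect target: ${JSON.stringify(String(target))}`);
  }
  if (!REDIRECT_STATUSES.has(status)) {
    throw new RangeError(`not a redirect status: ${status}`);
  }
  // Store the serialized URL, never the original input string.
  return { status, location: parsed.href };
}

// Returns the Location value, or the error name when the target is rejected.
function locationOrError(target) {
  try {
    return redirectLocation(target).location;
  } catch (e) {
    return e.name;
  }
}

// Constructed sample inputs, one per case in the PR's test list.
const samples = [
  "HTTP://Example.COM:80/a/../b?q=1",       // absolute, gets normalized
  "https://example.com/docs#section",        // fragment is preserved
  "/foo",                                    // relative: rejected
  { toString() { return "not a url"; } },    // coerces to a non-URL string
];

for (const s of samples) {
  console.log(JSON.stringify(String(s)), "->", locationOrError(s));
}
```
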

github-actions bot added the "Waiting On Review" label Apr 5, 2026
github-actions bot added this to the v1.0.0 milestone Apr 5, 2026
github-actions bot added the "C-Dependencies", "C-Tests" and "C-Runtime" labels Apr 5, 2026
github-actions bot commented Apr 5, 2026

Test262 conformance changes

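| Test result | main count | PR count | difference |
|-------------|------------|----------|------------|
| Total       | 53,125     | 53,125   | 0          |
| Passed      | 50,827     | 50,827   | 0          |
| Ignored     | 1,482      | 1,482    | 0          |
| Failed      | 816        | 816      | 0          |
| Panics      | 0          | 0        | 0          |
| Conformance | 95.67%     | 95.67%   | 0.00%      |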

Tested main commit: f6021b3d3dd1249c9569be77f0ca9ccf00ea318a
Tested PR commit: 82718b65f21d67f40c109ffe2c51319723468d4c
Compare commits: f6021b3...82718b6

codecov bot commented Apr 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.73%. Comparing base (6ddc2b4) to head (82718b6).
⚠️ Report is 929 commits behind head on main.

Additional details and impacted files
@@             Coverage Diff             @@
##             main    #5302       +/-   ##
===========================================
+ Coverage   47.24%   59.73%   +12.49%     
===========================================
  Files         476      589      +113     
  Lines       46892    63487    +16595     
===========================================
+ Hits        22154    37926    +15772     
- Misses      24738    25561      +823     

Monti-27 marked this pull request as ready for review April 5, 2026 14:22
Monti-27 requested a review from a team as a code owner April 5, 2026 14:22
Successfully merging this pull request may close these issues.

Response.redirect() accepts relative URLs and does not serialize Location