Skip to content

v0.0.13

Choose a tag to compare

View all tags
@threepointone threepointone released this 30 Oct 11:31
· 68 commits to main since this release
v0.0.13
f8eaa3e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Patch Changes

  • #98 0982a1c Thanks @threepointone! - Enhance redirect URI scheme validation for security

    Added a robust helper to validate redirect URI schemes, preventing dangerous pseudo-schemes (e.g., javascript:, data:, vbscript:) with normalization and case-insensitive checks. Expanded test coverage to include bypass attempts using mixed case, whitespace, control characters, and edge cases to ensure comprehensive protection against XSS and related attacks.

Assets 2
Loading