New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ensure NeoPG::URI and NeoPG::Http agree on URL parsing. #61

Closed
lambdafu opened this Issue Mar 20, 2018 · 2 comments

Comments

Projects
None yet
1 participant
@lambdafu
Copy link
Collaborator

lambdafu commented Mar 20, 2018

Mismatching URL parser can lead to security problems (for example whitelisting domain names such as "brave.com%60x.code-fu.org"). Currently, NeoPG does only check the protocol, but in case we want to do more, this issue shall remind us to be careful.

Unfortunately, libcurl doesn't expose the URL parser yet: curl/curl#2412

lambdafu added a commit that referenced this issue Mar 20, 2018

@lambdafu

This comment has been minimized.

Copy link
Collaborator

lambdafu commented Mar 21, 2018

Original report here: nodejs/node#19468

lambdafu added a commit that referenced this issue Mar 21, 2018

@lambdafu

This comment has been minimized.

Copy link
Collaborator

lambdafu commented Mar 21, 2018

Fixed by #62.

@lambdafu lambdafu closed this Mar 21, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment