Sécurité: amélioration de `get_safe_url` by xavfernandez · Pull Request #5656 · gip-inclusion/les-emplois

xavfernandez · 2025-02-19T14:21:34Z

🤔 Pourquoi ?

Pour éviter des URL contenant des caractères particuliers que les navigateurs interprètent de manière hasardeuse menant à une vulnérabilité de redirection ouverte.

🍰 Comment ?

Décrivez en quelques mots la solution retenue et mise en oeuvre, les difficultés ou problèmes rencontrés. Attirez l'attention sur les décisions d'architecture ou de conception importantes.

🚨 À vérifier

Mettre à jour le CHANGELOG_breaking_changes.md ?
Ajouter l'étiquette « Bug » ?

🏝️ Comment tester ?

Les instructions pour reproduire le problème, les profils de test, le parcours spécifique à utiliser, etc. Si vous disposez d'une recette jetable, mettre l'URL pour tester dans cette partie.

💻 Captures d'écran

Scttpr · 2025-02-19T16:01:01Z

Merci pour la reactivite !

This prevents the injection of clever URL that could lead to open redirect issues.

xavfernandez added the tech label Feb 19, 2025

xavfernandez requested a review from francoisfreitag February 19, 2025 14:21

xavfernandez self-assigned this Feb 19, 2025

xavfernandez force-pushed the xfernandez/improve_get_safe_url branch from f082d3b to 84461e1 Compare February 19, 2025 14:24

francoisfreitag approved these changes Feb 19, 2025

View reviewed changes

xavfernandez added this pull request to the merge queue Feb 19, 2025

celine-m-s approved these changes Feb 19, 2025

View reviewed changes

github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Feb 19, 2025

xavfernandez added 2 commits February 19, 2025 17:06

utils: simplify get_safe_url flow

e51f31b

utils: normalize urls to ascii in get_safe_url

ca0785c

This prevents the injection of clever URL that could lead to open redirect issues.

xavfernandez force-pushed the xfernandez/improve_get_safe_url branch from 84461e1 to ca0785c Compare February 19, 2025 16:07

xavfernandez added this pull request to the merge queue Feb 19, 2025

Merged via the queue into master with commit 482e6df Feb 19, 2025

xavfernandez deleted the xfernandez/improve_get_safe_url branch February 19, 2025 16:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sécurité: amélioration de `get_safe_url`#5656

Sécurité: amélioration de `get_safe_url`#5656
xavfernandez merged 2 commits into
masterfrom
xfernandez/improve_get_safe_url

xavfernandez commented Feb 19, 2025

Uh oh!

Scttpr commented Feb 19, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

xavfernandez commented Feb 19, 2025

🤔 Pourquoi ?

🍰 Comment ?

🚨 À vérifier

🏝️ Comment tester ?

💻 Captures d'écran

Uh oh!

Scttpr commented Feb 19, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants