(uri string)
| 925 | } |
| 926 | |
// sanitizeURI collapses a leading run of slashes and backslashes in uri into a
// single "/" and returns the result.
//
// Browsers resolve a target that starts with `//`, `\\`, `\/` or `/\` as an
// absolute (scheme-relative) reference, so redirecting a request to such a
// value would send the client to another host: an open redirect.
//
// The rewrite applies only when the first two bytes are both '/' or '\'.
// Every other input is returned unchanged, including values that carry an
// explicit scheme such as "https://...". Callers that build redirect targets
// from request data still need their own check for those.
func sanitizeURI(uri string) string {
	isSeparator := func(b byte) bool { return b == '/' || b == '\\' }

	// Fewer than two bytes, or no separator pair at the start: nothing to fix.
	if len(uri) < 2 || !isSeparator(uri[0]) || !isSeparator(uri[1]) {
		return uri
	}

	// Strip the whole leading run (any mix of '/' and '\') and put back
	// exactly one forward slash so the path stays host-relative.
	return "/" + strings.TrimLeft(uri, `/\`)
}