ValidateRedirectURIScheme reports whether the callback URL's scheme is safe to use as a redirect target. It returns an error when the scheme is empty, an unsupported URN, or one of the schemes that are dangerous in browser/HTML contexts (javascript, data, file, ftp). Legitimate custom schemes for n
(u *url.URL)
| 90 | // Legitimate custom schemes for native apps (e.g. vscode://, jetbrains://) |
| 91 | // are allowed. |
| 92 | func ValidateRedirectURIScheme(u *url.URL) error { |
| 93 | return validateScheme(u) |
| 94 | } |
| 95 | |
| 96 | func validateScheme(u *url.URL) error { |
| 97 | if u.Scheme == "" { |
no test coverage detected