(uri string)
| 142 | } |
| 143 | |
// sanitizeURI collapses a leading run of slashes and backslashes into a
// single "/".
//
// Browsers resolve a target that begins with `//`, `\\`, `\/` or `/\` as an
// absolute (scheme-relative) URL, so redirecting a request to such a value
// would be an open redirect to a host chosen by the requester. Any input that
// does not start with two such characters is returned unchanged.
//
// Only the leading run is normalized: a value with an explicit scheme, or with
// any other character ahead of the slashes, passes through untouched, so a
// caller building a redirect target still needs its own check that the result
// is a local path.
func sanitizeURI(uri string) string {
	isSlash := func(c byte) bool { return c == '/' || c == '\\' }

	// Fewer than two leading separators cannot form a scheme-relative prefix.
	if len(uri) < 2 || !isSlash(uri[0]) || !isSlash(uri[1]) {
		return uri
	}

	// Strip the whole leading run, then restore exactly one forward slash.
	return "/" + strings.TrimLeft(uri, `/\`)
}