zeripath 0b1686b67a Prevent redirect to Host (2) (#19175) ... Unhelpfully Locations starting with `/\` will be converted by the browser to `//` because ... well I do not fully understand. Certainly the RFCs and MDN do not indicate that this would be expected. Providing "compatibility" with the (mis)behaviour of a certain proprietary OS is my suspicion. However, we clearly have to protect against this. Therefore we should reject redirection locations that match the regular expression: `^/[\\\\/]+` Reference #9678 Signed-off-by: Andrew Thornton <art27@cantab.net>		2022-03-23 16:12:36 +00:00
..
access_log.go	Pass down SignedUserName down to AccessLogger context (#16605)	2021-08-04 13:26:30 -04:00
api_org.go	Use a standalone struct name for Organization (#17632)	2021-11-19 19:41:40 +08:00
api_test.go	format with gofumpt (#18184)	2022-01-20 18:46:10 +01:00
api.go	Update HTTP status codes to modern codes (#18063)	2022-03-23 12:54:07 +08:00
auth.go	Renamed ctx.User to ctx.Doer. (#19161)	2022-03-22 15:03:22 +08:00
captcha.go	format with gofumpt (#18184)	2022-01-20 18:46:10 +01:00
context.go	Prevent redirect to Host (2) (#19175)	2022-03-23 16:12:36 +00:00
csrf.go	format with gofumpt (#18184)	2022-01-20 18:46:10 +01:00
form.go	Add config options to hide issue events (#17414)	2022-01-21 18:59:26 +01:00
org.go	Renamed ctx.User to ctx.Doer. (#19161)	2022-03-22 15:03:22 +08:00
pagination.go	Refactor admin user filter query parameters (#18965)	2022-03-02 16:30:14 +01:00
permission.go	Renamed ctx.User to ctx.Doer. (#19161)	2022-03-22 15:03:22 +08:00
private.go	format with gofumpt (#18184)	2022-01-20 18:46:10 +01:00
repo.go	Redirect .wiki/* ui link to /wiki (#18831)	2022-03-23 13:29:18 +00:00
response.go	format with gofumpt (#18184)	2022-01-20 18:46:10 +01:00
xsrf_test.go	Move macaron to chi (#14293)	2021-01-26 16:36:53 +01:00
xsrf.go	Move macaron to chi (#14293)	2021-01-26 16:36:53 +01:00