Closed majido closed 4 years ago
/cc @samuelgoto
Thanks @hober!
On Mon, Jun 15, 2020, 5:08 PM hober notifications@github.com wrote:
@hober https://github.com/hober requested your review on: #7 https://github.com/WICG/sms-one-time-codes/pull/7 Validate host before accepting it (Fix #6 https://github.com/WICG/sms-one-time-codes/issues/6 ).
— You are receiving this because your review was requested. Reply to this email directly, view it on GitHub https://github.com/WICG/sms-one-time-codes/pull/7#event-3446678015, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAFJL2TM6F4E3U4FIOJWDIDRW2ZYXANCNFSM4N6HCC5Q .
Given that the host is expected to be used as part of an origin with 'https' scheme, it cannot be an opaque host. So accept the remaining three valid host types: domain, IPv4, IPv6.