braintree / sanitize-url

MIT License

Allow relative URLs to pass through the sanitizer #3

Closed shockey closed 6 years ago

shockey commented 6 years ago

Addresses an issue raised in https://github.com/swagger-api/swagger-ui/issues/4107.

Per RFC 3986 Section 4.2, relative reference URLs come in three flavors:

This PR adds support for all three flavors.

All existing tests continue to pass. I don't foresee any security issues w/r/t evil scheme URLs, since the same RFC clearly states that schemes can only be found at the beginning of URLs (Each URI begins with a scheme name). Since these special characters (. and /) indicate a relative URL, no URL parser should ever look for a scheme in such a URL.
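The reasoning in the comment above, as an added example that is not code from this PR or from the sanitize-url library: a minimal href sanitizer that rejects script-capable schemes but lets the RFC 3986 relative reference forms (network-path `//`, absolute-path `/`, relative-path `./` and `../`, or any scheme-less path) through unchanged. The function names (`sanitizeHref`, `isRelativeReference`, `extractScheme`, `normalise`), the blocked-scheme list and the `about:blank` fallback are all assumptions of this example, not the library's API.

```javascript
// Added example, not the sanitize-url library's own code. Demonstrates why a
// sanitizer can safely pass RFC 3986 relative references: a reference that
// starts with "/", "./" or "../" is relative by construction, so no parser
// will ever read a scheme out of it.

const BLOCKED_SCHEMES = new Set(["javascript", "data", "vbscript"]); // assumed list
const SAFE_FALLBACK = "about:blank"; // assumed value returned for rejected input

// Browsers strip leading/trailing C0 controls and spaces and ignore embedded
// tab/LF/CR, so "java\tscript:" reaches the URL parser as "javascript:".
// Normalise the same way before looking for a scheme, otherwise the scheme
// check sees a different string than the browser does.
function normalise(url) {
  return String(url)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// RFC 3986 Section 3.1: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
// Returns the lower-cased scheme, or null when the reference has no scheme.
function extractScheme(url) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// RFC 3986 Section 4.2: network-path ("//host/..."), absolute-path ("/...")
// and relative-path ("./..." or "../...") references, plus anything with no
// scheme at all ("docs/x", "?q=1", "#top"), are relative references.
// "./javascript:not-a-scheme" is therefore a path segment, not a script URL.
function isRelativeReference(url) {
  return (
    url.startsWith("/") ||
    url.startsWith("./") ||
    url.startsWith("../") ||
    extractScheme(url) === null
  );
}

// Returns the input unchanged when it is relative or uses an allowed scheme,
// and SAFE_FALLBACK when it is empty or uses a blocked scheme.
function sanitizeHref(url) {
  const normalised = normalise(url);
  if (normalised === "") return SAFE_FALLBACK;
  if (isRelativeReference(normalised)) return normalised;
  return BLOCKED_SCHEMES.has(extractScheme(normalised)) ? SAFE_FALLBACK : normalised;
}

// Stand-alone demo on constructed inputs.
for (const input of ["//cdn.example.com/app.js", "../docs/", "javascript:alert(1)", "https://example.com/"]) {
  console.log(JSON.stringify(input), "->", JSON.stringify(sanitizeHref(input)));
}
```

The normalisation step is the part worth keeping in mind: the scheme check must run on the string the browser will actually parse, so whitespace and control characters are removed first; the relative-reference check then runs on that same normalised string.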

shockey commented 6 years ago

@crookedneighbor fixed!

crookedneighbor commented 6 years ago

Made one slight change to make the logic a little clearer. Going to let one more Braintree dev take a look at this before merging and releasing. I expect to release a new version with this feature on Monday.

crookedneighbor commented 6 years ago

This was released as part of v2.1.0. Thanks!