eggjs / egg-security

Security plugin for egg, force performance too.
MIT License

fix: absolute path detect should ignore evil path #28

Closed fengmk2 closed 6 years ago

codecov[bot] commented 6 years ago

Codecov Report

Merging #28 into master will not change coverage. The diff coverage is 100%.

@@           Coverage Diff           @@
##           master      #28   +/-   ##
=======================================
  Coverage   95.88%   95.88%           
=======================================
  Files          26       26           
  Lines         437      437           
=======================================
  Hits          419      419           
  Misses         18       18

Impacted Files          Coverage Δ
lib/safe_redirect.js    100% <100%> (ø) :arrow_up:

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update e341fc3...472d42e.

fengmk2 commented 6 years ago

image

fengmk2 commented 6 years ago

Fix for 1.x: https://github.com/eggjs/egg-security/pull/29

popomore commented 6 years ago

Oh, so browsers support this format and can jump straight to the domain?

jtyjty99999 commented 6 years ago

fengmk2 commented 6 years ago

@popomore Yes, it looks like the browser is over-processing it...