modmail-dev / Modmail

A Discord bot that functions as a shared inbox between staff and members, similar to Reddit's Modmail.
https://docs.modmail.dev
GNU Affero General Public License v3.0

Fix code scanning alert - Incomplete URL substring sanitization #3291

Closed Taaku18 closed 10 months ago

Taaku18 commented 1 year ago

Tracking issues for:

I don't see how these are vulnerabilities. But since CodeQL says so, I'll replace it with a better way.

RealCyGuy commented 1 year ago

I don't think it's a vulnerability, but it could cause unexpected behaviour if an image url was https://gyazo.com.example.com/image.png for example.
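
The difference between the substring test that CodeQL flags and a comparison against the parsed hostname, run on the URL from the comment above. This is an added example, not Modmail's code: the allowlist, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for this example; the project's real list is not on this page.
TRUSTED_IMAGE_HOSTS = {"gyazo.com"}

# Constructed sample URLs. The second one is the case raised in the thread.
SAMPLES = [
    "https://gyazo.com/abc123.png",
    "https://gyazo.com.example.com/image.png",
    "https://example.com/gyazo.com/image.png",
    "https://i.gyazo.com/abc123.png",
    "https://GYAZO.com./abc123.png",
]


def substring_check(url: str) -> bool:
    """The flagged pattern: the trusted name may appear anywhere in the string."""
    return "gyazo.com" in url


def host_check(url: str, trusted=frozenset(TRUSTED_IMAGE_HOSTS)) -> bool:
    """Parse the URL, then match the hostname exactly or on a dot boundary."""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""  # already lower-cased by urllib
    except ValueError:  # e.g. malformed bracketed host
        return False
    if parts.scheme not in ("http", "https"):
        return False
    host = host.rstrip(".")  # treat "gyazo.com." the same as "gyazo.com"
    return any(host == t or host.endswith("." + t) for t in trusted)


def compare(urls=SAMPLES):
    """Return (url, substring_result, host_result) for each sample."""
    return [(u, substring_check(u), host_check(u)) for u in urls]


if __name__ == "__main__":
    for url, loose, strict in compare():
        print(f"{url:45} substring={loose!s:5} hostname={strict}")
```
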