opensafely-core / interactive-templates

Code to generate the reports generated by OpenSAFELY Interactive

Handle arbitrary subdomain sequences correctly #364

Closed Jongmassey closed 1 week ago

Jongmassey commented 2 weeks ago

Treating the URL (repo) as a string and checking if an allowed host is a substring of the URL is prone to errors. Instead, we parse the URL before performing a check on its host value.

Fixes #361

Jongmassey commented 1 week ago

@iaindillingham tests added and even safer URL replacement/reconstruction added
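As an added illustration of the approach described in this pull request (not code from the PR or the repository): the substring check beside a parsed-host check that accepts arbitrary subdomain sequences, plus URL reconstruction from parsed parts. The allow-list, the https-only rule, the function names and the `proxy.example` host are assumptions made for the example.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumption: constructed allow-list; the project's real list is not shown here.
ALLOWED_HOSTS = {"github.com"}


def substring_check(url: str) -> bool:
    """The error-prone approach: is an allowed host a substring of the URL?"""
    return any(host in url for host in ALLOWED_HOSTS)


def host_is_allowed(url: str) -> bool:
    """Parse first, then compare the host on label boundaries."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # e.g. a malformed IPv6 literal in the netloc
        return False
    if parts.scheme != "https":  # assumption: only https repos are accepted
        return False
    # Exact match, or any sequence of subdomains ending at a label boundary.
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)


def rebuild_with_host(url: str, new_host: str) -> str:
    """Rebuild the URL from parsed parts instead of using str.replace()."""
    if not host_is_allowed(url):
        raise ValueError(f"host not allowed: {url!r}")
    parts = urlsplit(url)
    # Userinfo, port and fragment are dropped; only path and query carry over.
    return urlunsplit(("https", new_host, parts.path, parts.query, ""))


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        "https://a.b.github.com/org/repo",
        "https://github.com.evil.example/org/repo",
        "https://evil.example/github.com/repo",
        "https://github.com@evil.example/repo",
        "https://notgithub.com/org/repo",
    ]
    for url in samples:
        print(f"{url:45} substring={substring_check(url)!s:5} "
              f"parsed={host_is_allowed(url)}")
```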