Closed Jongmassey closed 1 week ago
Treating the URL (repo) as a string and checking if an allowed host is a substring of the URL is prone to errors. Instead, we parse the URL before performing a check on its host value.
Fixes #361
@iaindillingham tests added and even safer URL replacement/reconstruction added
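The difference between the substring check and the parsed-host check described in this pull request, shown as an added example (not the project's own code). The allow-list, the HTTPS-only and no-port rules, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical allow-list; the page does not list the project's real hosts.
ALLOWED_HOSTS = {"github.com"}

# Constructed sample URLs: only the first one really points at an allowed host.
SAMPLES = [
    "https://github.com/example-org/example-repo",
    "https://github.com.untrusted.example/example-repo",
    "https://untrusted.example/github.com/example-repo",
    "https://github.com@untrusted.example/example-repo",
]


def substring_check(repo: str) -> bool:
    """Error-prone pattern: passes if an allowed host appears anywhere in the string."""
    return any(host in repo for host in ALLOWED_HOSTS)


def parsed_check(repo: str) -> bool:
    """Parse the URL first, then compare its host component exactly."""
    try:
        parts = urlsplit(repo)
        # .hostname is lower-cased and excludes userinfo and port;
        # .port raises ValueError when the port is not a valid number.
        host, port = parts.hostname, parts.port
    except ValueError:
        return False
    # Assumption: only HTTPS on the default port is acceptable.
    return parts.scheme == "https" and port is None and host in ALLOWED_HOSTS


def rebuild(repo: str) -> str:
    """Reconstruct the URL from validated parts, dropping userinfo, query and fragment."""
    if not parsed_check(repo):
        raise ValueError(f"host not allowed: {repo!r}")
    parts = urlsplit(repo)
    return urlunsplit(("https", parts.hostname, parts.path, "", ""))


if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url}\n  substring={substring_check(url)} parsed={parsed_check(url)}")
```

Every sample passes the substring check, while the parsed check accepts only the first; `rebuild` then emits a URL made solely of the validated scheme, host and path.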