linxianzhuang/saasshop
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BackUrl::sanitizeForLinks 增强:拒绝协议相对 URL(//evil.com)并补单测

Browse Source
This commit is contained in:
萝卜
2026-03-15 04:18:54 +00:00
parent cbc05e59b7
commit 0126a5aed7
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tests/Unit/BackUrlSanitizeForLinksTest.php
View File

@@ -16,6 +16,9 @@ class BackUrlSanitizeForLinksTest extends TestCase
{
$this->assertSame('', BackUrl::sanitizeForLinks('https://evil.com/a'));
$this->assertSame('', BackUrl::sanitizeForLinks('http://evil.com/a'));
// 协议相对 URL
$this->assertSame('', BackUrl::sanitizeForLinks('//evil.com/a'));
}
public function test_sanitize_for_links_should_reject_quotes_and_angle_brackets(): void