Handle \t as well
chrismccord committed Apr 13, 2023
1 parent c071506 commit fe3948f
Showing 2 changed files with 5 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/phoenix/controller.ex
Expand Up @@ -506,7 +506,7 @@ defmodule Phoenix.Controller do
end
end

@invalid_local_url_chars ["\\", "\%"]
@invalid_local_url_chars ["\\", "/%", "/\t"]
defp validate_local_url("//" <> _ = to), do: raise_invalid_url(to)

defp validate_local_url("/" <> _ = to) do
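Review bot: The deny-list in `@invalid_local_url_chars` now covers a literal tab after a slash but not the other characters that URL parsers discard in the same way: the WHATWG URL algorithm strips ASCII tab, LF and CR from the input before parsing, so `"/\n"` and `"/\r"` look like the same class of input as the `"/\t"` entry added here. Consider adding `"/\n", "/\r"` next to it; a lower layer may already refuse CR/LF in header values, but rejecting them here keeps the failure the same ArgumentError and independent of that layer. The test hunk in test/phoenix/controller/controller_test.exs would then want the same two cases beside the `"/\t/example.com"` assertion. A short comment above the attribute, such as `# sequences a client may normalise into a leading "//" (protocol-relative URL)`, would record why each entry is there. How the list is matched lives in the body of validate_local_url/1, which continues outside this hunk, so this is inferred from the attribute alone.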
4 changes: 4 additions & 0 deletions test/phoenix/controller/controller_test.exs
Expand Up @@ -386,6 +386,10 @@ defmodule Phoenix.Controller.ControllerTest do
assert_raise ArgumentError, ~r/unsafe/, fn ->
redirect(conn(:get, "/"), to: "/%09/example.com")
end

assert_raise ArgumentError, ~r/unsafe/, fn ->
redirect(conn(:get, "/"), to: "/\t/example.com")
end
end

test "with :external" do
