Add validation around urls to avoid exploitation (!114) · Merge requests · GitLab.org / ruby / gems / GitLab Experiment

Jeremy Jackson requested to merge jj-add-redirect-url-validation into master Jul 01, 2021

This adds a configuration for url validation (before redirecting) that you can implement whatever desired logic inside of. In our case we’ll probably check the url against a regex, so that’s what I’ve tested against.

Addresses a potential exploitation risk, so this should be included in a 0.6.2 release in the next couple days.

Edited Jul 01, 2021 by Jeremy Jackson

Add validation around urls to avoid exploitation

Merge request reports