mirror of https://gitgud.io/fatchan/jschan.git
* properly escape goto parameter * do not redirect to anywhere, only to the same server, no query parameters This should still allow valid targets, like `/account.html`, `/boardname/manage/whatever` while disallow things like `https://othersite.com`.merge-requests/208/head
parent
d6567bdbbe
commit
6f1ab5292f
2 changed files with 7 additions and 3 deletions
Loading…
Reference in new issue