roc-lang/roc
1
1
Fork 0
mirror of https://github.com/roc-lang/roc.git synced 2024-09-20 23:37:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add "@" to the list of misleading characters

Browse Source 
Contributes to #5487
This commit is contained in:
Fábio Beirão 2023-05-31 18:50:49 +02:00
parent 842f8b9941
commit 5744387693
No known key found for this signature in database
GPG Key ID: 13FD3A2130278AAE
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
crates/packaging/src/https.rs
View File

@ -31,11 +31,12 @@ const VALID_EXTENSION_SUFFIXES: [&str; 2] = [".gz", ".br"];
/// Characters that could be misleading if present in URLs:
///
/// @ - For now we avoid usage of the @, to avoid the "tld zip" attack vector
/// - U+2044 Fraction Slash
/// - U+2215 Division Slash
/// - U+FF0F Fullwidth Solidus
/// - U+29F8 Big Solidus
const MISLEADING_CHARACTERS_IN_URL: [&str; 4] = ["\u{2044}", "\u{2215}", "\u{FF0F}", "\u{29F8}"];
const MISLEADING_CHARACTERS_IN_URL: [&str; 5] = ["@", "\u{2044}", "\u{2215}", "\u{FF0F}", "\u{29F8}"];
#[derive(Debug)]
pub enum UrlProblem {