This repository has been archived by the owner on Oct 30, 2023. It is now read-only.
Commit
docs: Use Node's URL parser in the 5th security recommendation (electron#33463)

Rule 13 recommends using Node's URL parser for handling URL inputs. At the moment, this is not being followed in the code example for rule 5, which falls back on checking that the URL ends with a '/'. If this was forgotten when a user copies this code, it could introduce security vulnerabilities if an attacker uses a URL in the following way: "https://example.com.attacker.com"

Using Node's URL parser fixes this potential misuse and enables the '/' to be omitted from the code example.

Co-authored-by: Baitinq <you@example.com>
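
The difference described in the commit message, shown as an added example (not code from the Electron docs or from this commit): a string-prefix check with and without the trailing '/', beside a check on the origin of the parsed URL. `TRUSTED_ORIGIN`, the function names and the sample URLs are constructed for illustration.

```javascript
// Added example, not Electron's code. All names and sample URLs are constructed.
const TRUSTED_ORIGIN = 'https://example.com';

// Weak: plain string prefix check. It only holds while the prefix
// keeps its trailing '/', which is easy to lose when copying code.
function isTrustedByPrefix(url, prefix) {
  return url.startsWith(prefix);
}

// Hardened: parse with the WHATWG URL parser (global in Node.js),
// then compare the normalized origin (scheme + host + port).
function isTrustedByParser(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // not an absolute URL: reject instead of guessing
  }
  return parsed.origin === TRUSTED_ORIGIN;
}

// Run every check over a list of URLs so the results can be compared.
function compare(urls) {
  return urls.map((url) => ({
    url,
    prefixWithSlash: isTrustedByPrefix(url, TRUSTED_ORIGIN + '/'),
    prefixNoSlash: isTrustedByPrefix(url, TRUSTED_ORIGIN),
    parser: isTrustedByParser(url),
  }));
}

// Constructed sample inputs.
const SAMPLE_URLS = [
  'https://example.com/settings',     // trusted page
  'https://example.com',              // trusted, no trailing slash
  'https://example.com.attacker.com', // the case from the commit message
  'HTTPS://EXAMPLE.COM/settings',     // same origin, different case
  'http://example.com/settings',      // wrong scheme
  'not a url',                        // unparseable input
];

console.table(compare(SAMPLE_URLS));
```

The parser-based check also accepts the trusted origin when the URL arrives without a trailing slash or in a different case, which both prefix variants get wrong in one direction or the other.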