- Replace substring check with strict hostname validation (goo.gl, maps.app.goo.gl) - Add checkSsrf() guard with bypass=true to block private/internal IPs unconditionally - Prevents crafted URLs like https://evil.com/?foo=goo.gl from triggering server-side fetches |
||
|---|---|---|
| .. | ||
| public | ||
| scripts | ||
| src | ||
| tests | ||
| .env.example | ||
| package-lock.json | ||
| package.json | ||
| reset-admin.js | ||
| tsconfig.json | ||
| vitest.config.ts | ||