Files
Gitea/modules/httplib
3db3c058b3 Prevent redirect bypasses via backslash-encoded paths (#36660)
This change tightens relative URL validation to reject raw backslashes
and `%5c` (encoded backslash), since browsers and URL normalizers can
treat backslashes as path separators. That normalization can turn
seemingly relative paths into scheme-relative URLs, creating
open-redirect risk.

Visiting below URL to reproduce the problem.

http://localhost:3000/user/login?redirect_to=/a/../\example.com

http://localhost:3000/user/login?redirect_to=/a/../%5cexample.com

---------

Co-authored-by: silverwind <[email protected]>
Co-authored-by: Claude Opus 4.6 <[email protected]>
Co-authored-by: wxiaoguang <[email protected]>
2026-02-22 22:15:03 +00:00
..