diff options
| author | Will Norris <will@tailscale.com> | 2024-01-08 11:18:16 -0800 |
|---|---|---|
| committer | Will Norris <will@willnorris.com> | 2024-01-08 12:04:02 -0800 |
| commit | 569b91417f8153afa6d3cd72d2ace45db1e48d9d (patch) | |
| tree | 5bc2f85c70b2018f09f7bc3d32b86ba7f00feca4 /util/execqueue | |
| parent | e26ee6952f8872411f416339aca4e9ad73fd3b8e (diff) | |
| download | tailscale-569b91417f8153afa6d3cd72d2ace45db1e48d9d.tar.xz tailscale-569b91417f8153afa6d3cd72d2ace45db1e48d9d.zip | |
client/web: ensure path prefix has a leading slash
This is simply an extra check to prevent hypothetical issues if a prefix
such as `--prefix="javascript:alert(1)"` was provided. This isn't
really necessary since the prefix is a configuration flag provided by
the device owner, not user input. But it does enforce that we are
always interpreting the provided value as a path relative to the root.
Fixes: tailscale/corp#16268
Signed-off-by: Will Norris <will@tailscale.com>
Diffstat (limited to 'util/execqueue')
0 files changed, 0 insertions, 0 deletions
