You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Aug 28, 2024. It is now read-only.
SafeURL explicitly codes in support for IPv6, but no IPv6 addresses are included in the default blacklist.
SafeURL.fetch("http://[::1]/secret")
will connect to the loopback over IPv6 and return /secret's response.
Rather than add IPv6 addresses to the blacklist SafeURL should restrict itself to resolving IPv4 addresses for the reasons outlined in JordanMilne/Advocate#3. It's difficult to impossible to safely support IPv6 in a drop-in manner.
SafeURL explicitly codes in support for IPv6, but no IPv6 addresses are included in the default blacklist.
will connect to the loopback over IPv6 and return
/secret's response.Rather than add IPv6 addresses to the blacklist
SafeURLshould restrict itself to resolving IPv4 addresses for the reasons outlined in JordanMilne/Advocate#3. It's difficult to impossible to safely support IPv6 in a drop-in manner.