]> git.kaiwu.me - njs.git/commit
Fetch: reject unsafe request targets
authorDmitry Volyntsev <xeioex@nginx.com>
Fri, 29 May 2026 23:04:56 +0000 (16:04 -0700)
committerDmitry Volyntsev <xeioexception@gmail.com>
Mon, 1 Jun 2026 15:44:59 +0000 (08:44 -0700)
commit50f8b9ae2fa174a81d5674df321461322a2f05a7
tree360c91b696c3994d468859436871b8b3ea1380c9
parent5ee6e0763e6a16a89d429edf8d8d587c691ed5cc
Fetch: reject unsafe request targets

Reject raw C0 control bytes, space, and DEL in the parsed request target
before fetch request serialization.  Leave percent-encoded bytes unchanged.
nginx/ngx_js_fetch.c
nginx/ngx_qjs_fetch.c
nginx/t/js_fetch_objects.t