diff --git a/tsweb/tsweb_test.go b/tsweb/tsweb_test.go
index 11f68051f..cd3c99fce 100644
--- a/tsweb/tsweb_test.go
+++ b/tsweb/tsweb_test.go
@@ -637,7 +637,6 @@ func TestCleanRedirectURL(t *testing.T) {
 {"https://tailscale.com/foo", tailscaleHost, "https://tailscale.com/foo", false},
 {"/foo", tailscaleHost, "/foo", false},
 {"//tailscale.com/foo", tailscaleHost, "//tailscale.com/foo", false},
- {"/a/foobar", tailscaleHost, "/a/foobar", false},
 {"http://127.0.0.1/a/foobar", localHost, "http://127.0.0.1/a/foobar", false},
 {"http://127.0.0.1:123/a/foobar", localHost, "http://127.0.0.1:123/a/foobar", false},
@@ -650,6 +649,15 @@ func TestCleanRedirectURL(t *testing.T) {
 {"http://myserver:31544/a/foobar", myServer, "http://myserver:31544/a/foobar", false},
 {"http://evil.com/foo", tailscaleHost, "", true},
 {"//evil.com", tailscaleHost, "", true},
+ {"\\\\evil.com", tailscaleHost, "", true},
+ {"javascript:alert(123)", tailscaleHost, "", true},
+ {"file:///", tailscaleHost, "", true},
+ {"file:////SERVER/directory/goats.txt", tailscaleHost, "", true},
+ {"https://google.com", tailscaleHost, "", true},
+ {"", tailscaleHost, "", false},
+ {"\"\"", tailscaleHost, "", true},
+ {"https://tailscale.com@goats.com:8443", tailscaleHost, "", true},
+ {"https://tailscale.com:8443@goats.com:8443", tailscaleHost, "", true},
 {"HttP://tailscale.com", tailscaleHost, "http://tailscale.com", false},
 {"http://TaIlScAlE.CoM/spongebob", tailscaleHost, "http://TaIlScAlE.CoM/spongebob", false},
 {"ftp://tailscale.com", tailscaleHost, "", true},
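Review bot: The nine rows added in the second hunk are uncommented, and two of them are not self-explanatory: `{"", tailscaleHost, "", false}` pins that an empty input comes back empty with no error (assuming the last column is the expect-error flag, which the hunk does not show), and `{"\"\"", tailscaleHost, "", true}` rejects a literal pair of quote characters. I would group the rows under short comments such as `// backslash-prefixed authority is not a relative path`, `// schemes other than http/https are rejected` and `// userinfo must not be mistaken for the host`, and put `// empty input is passed through; the caller chooses the default target` above the empty row. Both userinfo rows end in a host that is not on the allow-list, so they check that the part before `@` is not read as the host; no row puts userinfo in front of the allowed host, so that outcome stays unpinned. The table header and the loop that consumes these rows are outside the hunk.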