24465570117
100%

Ran 15 Apr 2026 04:19PM UTC

Jobs 3

Files 44

Run time 1min

Badge

Embed ▾

Committed 15 Apr 2026 04:19PM UTC coverage: 98.89% (+0.002%) from 98.888%

Build # 24465570117

Build Type

push

github

Committed by

web-flow

Commit Message

Fix potential XSS in `res.redirect` (#498)

* fix: harden redirect location handling

Avoid encoding the authority portion of absolute redirect URLs.

Stop rendering redirect targets as HTML links in res.redirect.

This prevents allowlist bypasses and removes the XSS-prone href sink.

* chore: changeset

* fix: exclude # from authority match in setLocationHeader and fix typo

Also adds regression test for fragment encoding.

Coverage Stats

994 of 1015 branches covered (97.93%)

Branch coverage included in aggregate %.

5 of 5 new or added lines in 2 files covered. (100.0%)

1323 of 1328 relevant lines covered (99.62%)

258.31 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	24465570117.1	15 Apr 2026 04:19PM UTC	44	98.89	GitHub Action Run
2	24465570117.2	15 Apr 2026 04:19PM UTC	44	98.89	GitHub Action Run
3	24465570117.3	15 Apr 2026 04:19PM UTC	44	98.89	GitHub Action Run

tinyhttp / tinyhttp / 24465570117
100%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 24465570117

tinyhttp / tinyhttp / 24465570117 100%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 24465570117

tinyhttp / tinyhttp / 24465570117
100%

README BADGES
x