Tag
url-parsing
Safeguard articles tagged "url-parsing" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Application Security
URL parser confusion: how inconsistent parsing enables SSRF and auth bypass
Sixteen URL-parsing libraries tested, five inconsistency classes found, eight CVEs assigned — one wrong backslash can turn a validated URL into an SSRF.
Jul 16, 20266 min read
Application Security
Safely Parsing Untrusted URLs in Node.js
Node's legacy url.parse() is deprecated (DEP0169), and parser mismatches between it, the WHATWG URL API, and fetchers are a documented root cause of SSRF and open redirects.
Jul 13, 20266 min read