Permissive regex leads to domain filter bypass
Description
In SafeURL it is possible to specify a list of domains that should be matched before a request is sent out. The regex used to compare domains did not work as intended.

Impact
The regex used was: re.match("(?i)^%s" % domain, value)
This has two problems, first that only the beginning...
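The start-only anchoring described above, as an added example that is not SafeURL's own code: `permissive_match` wraps the quoted expression, and `strict_match` is a hypothetical hardened comparison, not the project's actual fix. The hostnames are constructed; the fourth sample exercises the unescaped interpolation of `domain` that is visible in the quoted expression.

```python
import re


def permissive_match(domain, value):
    # The expression quoted in the advisory: anchored at the start only,
    # with the domain interpolated into the pattern unescaped.
    return re.match("(?i)^%s" % domain, value) is not None


def strict_match(domain, value):
    # Hypothetical hardened check (an assumption, not SafeURL's fix):
    # treat the domain as a literal and require the whole hostname to match.
    pattern = re.escape(domain)
    return re.fullmatch(pattern, value, flags=re.IGNORECASE) is not None


# Constructed sample data: one allowed domain and five candidate hostnames.
ALLOWED = "example.com"
SAMPLES = [
    "example.com",             # exact match
    "EXAMPLE.com",             # case variant of the allowed domain
    "example.com.other.test",  # allowed domain is only a prefix
    "exampleXcom",             # "." in the pattern matches any character
    "other.test",              # unrelated host
]


def compare(samples=SAMPLES, allowed=ALLOWED):
    # Returns (hostname, permissive result, strict result) for each sample.
    return [
        (host, permissive_match(allowed, host), strict_match(allowed, host))
        for host in samples
    ]


if __name__ == "__main__":
    print("%-26s %-11s %s" % ("hostname", "permissive", "strict"))
    for host, old, new in compare():
        print("%-26s %-11s %s" % (host, old, new))
```

Rows where the two columns disagree are hostnames the quoted expression accepts although they are not the listed domain.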