[PORT] drop utils.IsExternalURL (and expand IsRiskyRedirectURL tests) (#3167)

Related to #2773 Related to Refactor URL detection [gitea#29960](https://github.com/go-gitea/gitea/pull/29960) Related to Refactor external URL detection [gitea#29973](https://github.com/go-gitea/gitea/pull/29973) I added a bunch of tests to `httplib.TestIsRiskyRedirectURL` and some cases should be better handled (however it is not an easy task). I also ported the removal of `utils.IsExternalURL`, since it prevents duplicated (subtle) code. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3167 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-04-15 13:03:08 +00:00 · 2024-04-15 13:03:08 +00:00 · 16879b07d2
commit 16879b07d2
parent 20c0292b5c
6 changed files with 104 additions and 75 deletions
--- a/routers/utils/utils.go
+++ b/routers/utils/utils.go
@ -5,26 +5,10 @@ package utils

 import (
 	"html"
-	"net/url"
 	"strings"
-
-	"code.gitea.io/gitea/modules/setting"
 )

 // SanitizeFlashErrorString will sanitize a flash error string
 func SanitizeFlashErrorString(x string) string {
 	return strings.ReplaceAll(html.EscapeString(x), "\n", "<br>")
 }
-
-// IsExternalURL checks if rawURL points to an external URL like http://example.com
-func IsExternalURL(rawURL string) bool {
-	parsed, err := url.Parse(rawURL)
-	if err != nil {
-		return true
-	}
-	appURL, _ := url.Parse(setting.AppURL)
-	if len(parsed.Host) != 0 && strings.Replace(parsed.Host, "www.", "", 1) != strings.Replace(appURL.Host, "www.", "", 1) {
-		return true
-	}
-	return false
-}