Always respect explicitly set security attributes and properly sanitize user inputs to prevent security vulnerabilities. When modifying security-related configurations:
Example 1: When handling cookie security attributes:
// Good: only fall back to the configured default when the caller left SameSite unset.
// Note that an http.Cookie literal has SameSite == 0, while http.SameSiteDefaultMode is 1;
// both mean "no SameSite attribute is emitted", so treat both as "not explicitly set".
if cookie.SameSite == 0 || cookie.SameSite == http.SameSiteDefaultMode {
cookie.SameSite = c.sameSite // c.sameSite: the configured default (e.g. http.SameSiteLaxMode)
}
// Bad: unconditionally overriding the attribute silently downgrades a cookie the caller
// deliberately marked Strict (or upgrades one deliberately marked None).
cookie.SameSite = c.sameSite
Example 2: For URL path sanitization:
// Good: compile the pattern once at package init, not on every request.
// regexp.MustCompile panics on an invalid pattern, so a typo fails at startup rather than per call.
var pathSanitizer = regexp.MustCompile("[^a-zA-Z0-9/-]+")
// Use the pre-compiled pattern to strip every character outside the allow-list.
// Stripping (rather than rejecting) changes the path: "." is removed, so "a.txt" becomes "atxt".
sanitizedPath := pathSanitizer.ReplaceAllString(path, "")
Preserving explicitly set security attributes (SameSite on cookies) and consistently sanitizing inputs (paths) helps prevent CSRF, XSS, and path traversal vulnerabilities.
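The two rules above combined into one runnable program, as an added example that is not code from the original page or from the project it was derived from. The `cookieDefaults` type stands in for the unnamed `c` receiver in the snippet, `resolveUnderRoot` and its root directory `/srv/static` are assumed names, and the sample paths are constructed. It also shows two practitioner caveats: an `http.Cookie` literal has `SameSite == 0`, which is not `http.SameSiteDefaultMode`, so both must be treated as "unset"; and allow-list stripping mangles legitimate names, so the result should still be confined to a root directory.

```go
package main

import (
	"fmt"
	"net/http"
	"path"
	"regexp"
	"strings"
)

// cookieDefaults is a hypothetical config object standing in for the page's `c`
// receiver; sameSite is the fallback applied to cookies that did not choose one.
type cookieDefaults struct {
	sameSite http.SameSite
}

// applyDefaults fills in SameSite only when the caller left it unset.
// 0 is the zero value of http.Cookie.SameSite; http.SameSiteDefaultMode is 1.
// Both cause net/http to omit the attribute, so both count as "not explicitly set".
func (c cookieDefaults) applyDefaults(cookie *http.Cookie) {
	if cookie.SameSite == 0 || cookie.SameSite == http.SameSiteDefaultMode {
		cookie.SameSite = c.sameSite
	}
	// Browsers reject SameSite=None without Secure, so keep the pair consistent.
	if cookie.SameSite == http.SameSiteNoneMode {
		cookie.Secure = true
	}
}

// pathSanitizer is compiled once at package init, not per request.
var pathSanitizer = regexp.MustCompile(`[^a-zA-Z0-9/-]+`)

// resolveUnderRoot strips every character outside the allow-list, joins the
// result under root (path.Join also runs path.Clean), and then verifies the
// final path is still inside root. With this regex the check cannot fail, since
// every "." is stripped, but it guards against a later relaxation of the pattern.
func resolveUnderRoot(root, userPath string) (string, error) {
	cleaned := pathSanitizer.ReplaceAllString(userPath, "")
	full := path.Join(root, cleaned)
	if full != root && !strings.HasPrefix(full, root+"/") {
		return "", fmt.Errorf("path %q escapes root %q", userPath, root)
	}
	return full, nil
}

func main() {
	c := cookieDefaults{sameSite: http.SameSiteLaxMode}

	explicit := &http.Cookie{Name: "session", Value: "abc", SameSite: http.SameSiteStrictMode}
	unset := &http.Cookie{Name: "session", Value: "abc"} // SameSite is 0 here
	c.applyDefaults(explicit)
	c.applyDefaults(unset)
	fmt.Println(explicit.String()) // keeps SameSite=Strict
	fmt.Println(unset.String())    // gains SameSite=Lax

	// Constructed sample paths: one traversal attempt, one legitimate file name.
	for _, p := range []string{"../../etc/passwd", "img/logo.png"} {
		full, err := resolveUnderRoot("/srv/static", p)
		fmt.Printf("%q -> %q (err=%v)\n", p, full, err)
	}
}
```

The second sample path shows the cost of stripping rather than rejecting: `img/logo.png` becomes `/srv/static/img/logopng`, so a server using this sanitizer would fail to find the real file. If dots must be allowed, extend the allow-list and rely on the root-confinement check, which is why it is kept even though the current pattern makes it unreachable.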