.INTERNAL is now reserved for private-use applications
Similar logic probably should handle
Read more
Читать далее...
XF\Http\Reader::isRequestableUntrustedUrlExtended
should return false for domains which match .internal
(maybe even internal
), as this can be used for internal DNS resolution and should not be publicly available.Similar logic probably should handle
.example
/.invalid
/.test
/.local
/.localhost
which are reserve top-level domains.HCaptcha::isLocalDomain
likely should...Read more
Читать далее...