func validateToURL()

in internal/redirects/validations.go [61:87]


// validateToURL checks the target ("to") URL of a redirect rule, given as
// urlText, together with the HTTP status configured for that rule.
//
// It returns:
//   - errFailedToParseURL when url.Parse rejects urlText;
//   - errNoValidStartingInURLPath when the URL has a host without a scheme
//     (or a scheme without a host), when its path starts with `/\`, or when
//     urlText does not begin with "/", "http://" or "https://";
//   - errNoDomainLevelRewrite when utils.IsDomainURL reports a domain URL and
//     status is http.StatusOK;
//   - otherwise, whatever validateSplatAndPlaceholders returns for the path.
//
// The checks run in this order, so the first failing rule decides which error
// the caller sees.
func validateToURL(urlText string, status int) error {
	target, parseErr := url.Parse(urlText)
	if parseErr != nil {
		// The parser's own error is replaced by the package sentinel.
		return errFailedToParseURL
	}

	hasHost := target.Host != ""
	hasScheme := target.Scheme != ""

	// Reject targets that could be read as pointing at another host without
	// saying so explicitly:
	// - `//google.com` parses with a host but no scheme (protocol-relative);
	// - `/\google.com` is refused because a backslash after the leading slash
	//   may be normalised to `/` by the client, giving the same result.
	// url.URL.Path holds the decoded path, so `/%5Cgoogle.com` is caught by
	// the same prefix test.
	switch {
	case hasHost != hasScheme:
		return errNoValidStartingInURLPath
	case strings.HasPrefix(target.Path, `/\`):
		return errNoValidStartingInURLPath
	}

	// A rule with status 200 is a rewrite; rewrites to a domain URL are not
	// supported.
	if utils.IsDomainURL(urlText) && status == http.StatusOK {
		return errNoDomainLevelRewrite
	}

	// Allow-list of literal prefixes, matched against the raw text rather than
	// the parsed URL. This excludes relative targets such as `./` or `../` and
	// ambiguous bare domains such as `GitLab.com`.
	permitted := []string{"/", "http://", "https://"}
	if ok := startsWithAnyPrefix(urlText, permitted...); !ok {
		return errNoValidStartingInURLPath
	}

	// Only the path component is checked for splats and placeholders.
	return validateSplatAndPlaceholders(target.Path)
}