Strip trailing slashes from an API base URL to prevent double-slash paths.
Implemented as a bounded loop rather than a regex replace to avoid the
polynomial-time ReDoS class (CodeQL js/polynomial-redos) that applies to
ambiguous end-anchored quantifiers like //+$/ on attacker-controlled
input.
Strip trailing slashes from an API base URL to prevent double-slash paths.
Implemented as a bounded loop rather than a regex replace to avoid the polynomial-time ReDoS class (CodeQL js/polynomial-redos) that applies to ambiguous end-anchored quantifiers like
//+$/on attacker-controlled input.