Harden UrlHelperBase.IsLocalUrl against control characters

[pranavkm]

UrlHelperBase.IsLocalUrl will return true for urls such as /\n/not-local-url. Using this value as part of LocalRedirectResult will result in an exception from HttpAbstractions rather than the more helpful error message from LocalRedirectResultExecutor: https://github.com/aspnet/AspNetCore/blob/master/src/Mvc/Mvc.Core/src/Infrastructure/LocalRedirectResultExecutor.cs#L53

[gfoidl]

I'll take a look into this.

[am11]

Related to another IsLocalUrl behavior; according to https://tools.ietf.org/html/rfc8089, these are also local URLs:

• file:///path/to/file
• file:/path/to/file
• file:c:/path/to/file
• file:///c|/path/to/file
• file:/c|/path/to/file
• file:c|/path/to/file

whereas, these are not:

• file://host.example.com/path/to/file
• file:////host.example.com/path/to/file
• file://///host.example.com/path/to/file

We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process.