From bdf347f0d40568fac3e138629432ad79a50b8f16 Mon Sep 17 00:00:00 2001
From: Simon Cropp <simon.cropp@gmail.com>
Date: Fri, 20 Dec 2024 16:38:47 +1100
Subject: [PATCH 1/2] avoid a string allocation in IsUri

---
 .../src/IdentityServer/Extensions/StringsExtensions.cs    | 8 ++++++--
 .../Extensions/StringExtensionsTests.cs                   | 2 ++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/identity-server/src/IdentityServer/Extensions/StringsExtensions.cs b/identity-server/src/IdentityServer/Extensions/StringsExtensions.cs
index a92d2ff1b..268d16869 100644
--- a/identity-server/src/IdentityServer/Extensions/StringsExtensions.cs
+++ b/identity-server/src/IdentityServer/Extensions/StringsExtensions.cs
@@ -207,9 +207,13 @@ public static bool IsUri(this string input)
             return false;
         }
 
-        if (uri.IsFile && !input.StartsWith(Uri.UriSchemeFile + "://", StringComparison.OrdinalIgnoreCase))
+        if (uri.IsFile)
         {
-            return false;
+            // no need to check if input starts with {Uri.UriSchemeFile}:// because uri.IsFile ensures it is either '/' or `file://`
+            if (!input.StartsWith(Uri.UriSchemeFile, StringComparison.OrdinalIgnoreCase))
+            {
+                return false;
+            }
         }
 
         return true;
diff --git a/identity-server/test/IdentityServer.UnitTests/Extensions/StringExtensionsTests.cs b/identity-server/test/IdentityServer.UnitTests/Extensions/StringExtensionsTests.cs
index 364ca6615..2585626b5 100644
--- a/identity-server/test/IdentityServer.UnitTests/Extensions/StringExtensionsTests.cs
+++ b/identity-server/test/IdentityServer.UnitTests/Extensions/StringExtensionsTests.cs
@@ -176,7 +176,9 @@ public void IsUri_should_block_paths()
     {
         // especially on linux
         // https://github.com/DuendeSoftware/Support/issues/148
+        " /path".IsUri().Should().BeFalse();
         "/path".IsUri().Should().BeFalse();
+        " //".IsUri().Should().BeFalse();
         "//".IsUri().Should().BeFalse();
         "://".IsUri().Should().BeFalse();
         " ://".IsUri().Should().BeFalse();

From 7b85c98e14724e4c40d81efff0dcf01fcc583146 Mon Sep 17 00:00:00 2001
From: Simon Cropp <simon.cropp@gmail.com>
Date: Fri, 20 Dec 2024 16:39:46 +1100
Subject: [PATCH 2/2] Update StringsExtensions.cs

---
 .../IdentityServer/Extensions/StringsExtensions.cs  | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/identity-server/src/IdentityServer/Extensions/StringsExtensions.cs b/identity-server/src/IdentityServer/Extensions/StringsExtensions.cs
index 268d16869..c86503186 100644
--- a/identity-server/src/IdentityServer/Extensions/StringsExtensions.cs
+++ b/identity-server/src/IdentityServer/Extensions/StringsExtensions.cs
@@ -207,16 +207,9 @@ public static bool IsUri(this string input)
             return false;
         }
 
-        if (uri.IsFile)
-        {
-            // no need to check if input starts with {Uri.UriSchemeFile}:// because uri.IsFile ensures it is either '/' or `file://`
-            if (!input.StartsWith(Uri.UriSchemeFile, StringComparison.OrdinalIgnoreCase))
-            {
-                return false;
-            }
-        }
-
-        return true;
+        return !uri.IsFile ||
+               // no need to check if input starts with {Uri.UriSchemeFile}:// because uri.IsFile ensures it is either '/' or `file://`
+               input.StartsWith(Uri.UriSchemeFile, StringComparison.OrdinalIgnoreCase);
     }
 
     [DebuggerStepThrough]