fix(withoutBase): collapse leading slashes

Slicing the base prefix from inputs like `/api//evil.com` left the
remainder as `//evil.com`, which browsers interpret as a protocol-relative
URL and could enable open redirects when the result flows into a
`Location` header (via `withBase` → `event.url.pathname`).

Normalize all leading slashes on the trimmed remainder so the output is
always a single-host-relative path.

Ref: unjs/ufo#335

Author: pi0

src/utils/internal/path.ts

@@ -40,8 +40,10 @@ export function withoutBase(input: string = "", base: string = ""): string {
   if (!input.startsWith(_base) || (input.length > _base.length && input[_base.length] !== "/")) {
     return input;
   }
-  const trimmed = input.slice(_base.length);
-  return trimmed[0] === "/" ? trimmed : "/" + trimmed;
+  // Collapse leading slashes to prevent protocol-relative URL injection
+  // e.g. withoutBase("/legacy//evil.com", "/legacy") must not return "//evil.com"
+  const trimmed = input.slice(_base.length).replace(/^\/+/, "");
+  return "/" + trimmed;
 }
 
 export function getPathname(path: string = "/"): string {

test/utils.test.ts

@@ -137,6 +137,12 @@ describeMatrix("utils", (t, { it, describe, expect }) => {
 
       expect(await result.text()).toBe("/api/test");
     });
+    it("collapses leading slashes after stripping base", async () => {
+      t.app.use(withBase("/api", (event) => Promise.resolve(event.path)));
+      const result = await t.fetch("/api//evil.com");
+
+      expect(await result.text()).toBe("/evil.com");
+    });
   });
 
   describe("getQuery", () => {