pub fn safe_join_within_base(
    base: &Path,
    relative: &str,
) -> Result<PathBuf, String>
Lexically join relative onto base while guaranteeing the result
stays inside base. No filesystem access — does not require either
path to exist, which matters on Windows where Path::canonicalize
adds the \\?\ UNC prefix and breaks naive starts_with checks
against not-yet-created files.
The relative path:
- must be non-empty
- must NOT be absolute (rooted, drive-prefixed, or starting with //\)
- must NOT contain a .. component
- may contain . components (silently dropped)
- is treated as forward- or back-slash separated; both are accepted
Returns base.join(<cleaned>) on success.
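
A sketch of a purely lexical join that follows the rules listed above, added here as an example; it is not this crate's implementation. The name lexical_join_sketch, the error strings, the reading of "drive-prefixed" as an ASCII letter followed by a colon, and the sample inputs are assumptions.

```rust
use std::path::{Path, PathBuf};

/// Added sketch of the documented contract (hypothetical name, not the crate's code).
pub fn lexical_join_sketch(base: &Path, relative: &str) -> Result<PathBuf, String> {
    if relative.is_empty() {
        return Err("relative path is empty".to_string());
    }
    // Rooted: a leading '/' or '\' (this also covers '//' and '\\' forms).
    if relative.starts_with('/') || relative.starts_with('\\') {
        return Err(format!("absolute path rejected: {}", relative));
    }
    // Drive-prefixed (assumed meaning: ASCII letter + ':', e.g. C:\x or C:x).
    // Checked as text so the verdict is the same on every host OS.
    let b = relative.as_bytes();
    if b.len() >= 2 && b[0].is_ascii_alphabetic() && b[1] == b':' {
        return Err(format!("drive-prefixed path rejected: {}", relative));
    }
    let mut parts: Vec<&str> = Vec::new();
    // Split on both separators, whatever the platform separator is.
    for part in relative.split(|c: char| c == '/' || c == '\\') {
        match part {
            "" | "." => continue, // empty segments and "." are dropped
            ".." => return Err(format!("'..' component rejected: {}", relative)),
            name => parts.push(name),
        }
    }
    // Join the cleaned string in one step; no filesystem call is made, so
    // neither path has to exist and no \\?\ prefix is ever introduced.
    Ok(base.join(parts.join("/")))
}

fn main() {
    let base = Path::new("uploads");
    // Constructed sample inputs.
    for rel in &["img\\2024/./a.png", "../secret", "/etc/passwd", "C:\\x", ""] {
        println!("{:?} -> {:?}", rel, lexical_join_sketch(base, rel));
    }
}
```

Because every `..` is rejected rather than resolved, the result cannot leave base lexically; a symlink inside base can still point elsewhere, which a lexical check by design does not see.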