Fix doc comment backticks (clippy pedantic)

Author: lovasoa

src/webserver/oidc.rs

@@ -1182,15 +1182,16 @@ impl AudienceVerifier {
 
 /// Returns true if the given value is a safe relative redirect target.
 ///
-/// Only paths starting with a single `/` (not `//`) are accepted, and any value
-/// containing a backslash is rejected. The WHATWG URL Standard treats `\` as
-/// equivalent to `/` for special schemes (http/https), so `/\evil.test` parses
-/// to the authority `evil.test`, i.e. `http://evil.test/`. SQLPage itself uses a
-/// WHATWG parser (the `url` crate) when it builds the absolute
-/// `post_logout_redirect_uri`, so without this check a value classified as
-/// "relative" becomes an external open-redirect target on the server side,
-/// independent of the client. Browsers implementing the same standard (Chromium,
-/// Firefox, Safari) resolve a `Location: /\evil.test` the same way.
+/// Only paths starting with a single `/` (not `//`), with no backslash and no
+/// ASCII control characters, are accepted. The WHATWG URL Standard treats `\` as
+/// equivalent to `/` for special schemes (http/https) and strips tab/newline/CR
+/// before parsing, so `/\evil.test` and `/\t/evil.test` both parse to the
+/// authority `evil.test`, i.e. `http://evil.test/`. The `url` crate that builds
+/// the absolute `post_logout_redirect_uri` is itself a WHATWG parser, so without
+/// this check a value classified as "relative" becomes an external open-redirect
+/// target on the server side, independent of the client. Browsers implementing
+/// the same standard (Chromium, Firefox, Safari) resolve a `Location: /\evil.test`
+/// the same way.
 pub(crate) fn is_safe_relative_redirect(uri: &str) -> bool {
     // Reject backslashes and ASCII control characters. The WHATWG URL parser
     // used by SQLPage's `url` crate (and by browsers) treats `\` as `/`, and it