For example, can a user put your url with linux commands to go up a folder/directory?
Let's say my server consist of:
bin/
serverfile.go
...
public/
index.html
style.css
"www.example.com/../bin/etc"
with serverfile.go consisting of:
pacakage main
import "net/http"
func main() {
htttp.ListenAndServe(":8000", http.FileServer(http.Dir("public")))
}
The http.FileServer inhibits a breakout of the root directory you specify.
In contrast you could build your own file server with http.ServeFile which would potentially be a dangerous undertaking.
See also Golang. What to use? http.ServeFile(..) or http.FileServer(..)?