Prevent Cross-Site Scripting with Redirect Url (!533) · Merge requests · OSDU / OSDU Data Platform / System / Register

We're sending back a redirect url here The url, path and query params are all customer inputs, and can have malicious content.

To prevent cross-site scripting

Allowing only http/https based urls. Query/Path parameters will be encoded by UriBuilder automatically. Added unit tests to verify that.

Prevent Cross-Site Scripting with Redirect Url