hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Explain about redirects to example.com.

Browse Source
This commit is contained in:
Max Schaefer
2023-09-07 09:12:07 +01:00
parent a02f373e79
commit 46d7165885
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.qhelp
View File

@@ -38,11 +38,19 @@ before doing the redirection:
<sample src="examples/ServerSideUrlRedirectGood.js"/>
<p>
Alternatively, we can check that the target URL does not redirect to a different host:
Alternatively, we can check that the target URL does not redirect to a different host
by parsing it relative to a base URL with a known host and verifying that the host
stays the same:
</p>
<sample src="examples/ServerSideUrlRedirectGood2.js"/>
<p>
Note that as written, the above code will allow redirects to URLs on <code>example.com</code>,
which is harmless but perhaps not intended. Substitute your own domain name for
<code>example.com</code> to prevent this.
</p>
</example>
<references>