March, 2010

  • Sacha Faust Web Security Blog

    Watch out for scheme relative urls

    Doing my usual random code browsing yesterday, I stumbled on a method that piqued my curiosity. The intent of the method is to only allow redirects to relative paths. If the redirect is not a relative path, it is rejected. Let’s look at the implementation...