summaryrefslogtreecommitdiff
path: root/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
diff options
context:
space:
mode:
Diffstat (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java')
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java2
1 files changed, 1 insertions, 1 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
index 18e38752..45e966d9 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
@@ -610,7 +610,7 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
public String getRedirectURL() {
String redirectURL = getFormParameterAsString(FixedFormParameters.REDIRECTURL);
log.debug("Evaluating redirectURL: " + redirectURL);
- if (redirectURL == null || redirectURL.isEmpty() || redirectURL.contains("\r") || redirectURL.contains("\n") ||
+ if (redirectURL == null || redirectURL.trim().isEmpty() || redirectURL.contains("\r") || redirectURL.contains("\n") ||
redirectURL.contains("<") || redirectURL.toLowerCase().contains("javascript:"))
return null;
return redirectURL;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-07 15:00:00 +0000