diff options
Diffstat (limited to 'bkucommon')
-rw-r--r-- | bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java index 18e38752..45e966d9 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java @@ -610,7 +610,7 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement public String getRedirectURL() { String redirectURL = getFormParameterAsString(FixedFormParameters.REDIRECTURL); log.debug("Evaluating redirectURL: " + redirectURL); - if (redirectURL == null || redirectURL.isEmpty() || redirectURL.contains("\r") || redirectURL.contains("\n") || + if (redirectURL == null || redirectURL.trim().isEmpty() || redirectURL.contains("\r") || redirectURL.contains("\n") || redirectURL.contains("<") || redirectURL.toLowerCase().contains("javascript:")) return null; return redirectURL; |