Check malicious Redirect URL in ASP.NET

Posted by acidzombie24 on Stack Overflow See other posts from Stack Overflow or by acidzombie24
Published on 2010-05-29T21:40:21Z Indexed on 2010/05/29 21:42 UTC
Read the original article Hit count: 315

Filed under:
|

I heard of sites using other site to redirect users either to their own site or to hide behind another site. In my code i redirect in a few places such as post a comment (its easier to use a return url then figure out the page using data given).

How do i check if the return URL is my own url? I think i use absolute paths so i can easily check if the first character is '/' but then i will lose relative flexibility. This also disallows me from doing http://mysite.com/blah in the redirect url. I could patch the url by adding mysite + string but i'll need to figure out if string is a relative url or already a mysite.com url.

Whats the easiest way to ensure i am only redirecting to my site?

© Stack Overflow or respective owner

Related posts about ASP.NET

Related posts about redirect