Check malicious Redirect URL in ASP.NET
Posted by acidzombie24 on Stack Overflow
Published on 2010-05-29T21:40:21Z
I heard of sites using other sites to redirect users either to their own site or to hide behind another site. In my code I redirect in a few places, such as posting a comment (it's easier to use a return URL than figure out the page using data given).
How do I check if the return URL is my own URL? I think I use absolute paths, so I can easily check if the first character is '/', but then I will lose relative flexibility. This also disallows me from doing http://mysite.com/blah in the redirect URL. I could patch the URL by adding mysite + string, but I'll need to figure out if string is a relative URL or already a mysite.com URL.
What's the easiest way to ensure I am only redirecting to my site?
© Stack Overflow or respective owner
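
An added example, not part of the original post: one way to do the check the question asks about in C#, by resolving the return URL against the current page's URL with `System.Uri` and accepting it only when the result has the same scheme, host and port. `ReturnUrlValidator`, `ResolveLocal` and the sample URLs are hypothetical and constructed for illustration.

```csharp
using System;

public static class ReturnUrlValidator
{
    // Resolves returnUrl against the current page and returns the absolute
    // same-site URI, or null when the target is off-site or malformed.
    // Hypothetical helper for illustration, not an ASP.NET API.
    public static Uri ResolveLocal(Uri currentPage, string returnUrl)
    {
        if (string.IsNullOrWhiteSpace(returnUrl)) return null;

        // Browsers read '\' as '/' and drop tab/CR/LF, so "/\host" can leave
        // the site even though it starts with '/'. Reject such input outright.
        foreach (char c in returnUrl)
            if (c == '\\' || char.IsControl(c)) return null;

        // Handles "/a", "../a", "a?x=1" and full URLs the same way.
        Uri target;
        if (!Uri.TryCreate(currentPage, returnUrl, out target)) return null;

        bool sameSite =
            (target.Scheme == Uri.UriSchemeHttp || target.Scheme == Uri.UriSchemeHttps)
            && target.Scheme == currentPage.Scheme
            && target.Port == currentPage.Port
            && string.IsNullOrEmpty(target.UserInfo)
            && string.Equals(target.Host, currentPage.Host, StringComparison.OrdinalIgnoreCase);
        return sameSite ? target : null;
    }

    public static void Main()
    {
        // Constructed sample values; mysite.com is the host named in the question.
        Uri page = new Uri("http://mysite.com/posts/42/comment");
        string[] samples = {
            "/blah", "../7", "http://mysite.com/blah",              // stay on the site
            "//other.example/", "http://other.example/blah",         // different host
            "http://mysite.com.other.example/", "/\\other.example",  // look-alikes
            "ftp://mysite.com/blah", ""                              // not http(s), empty
        };
        foreach (string s in samples)
        {
            Uri ok = ResolveLocal(page, s);
            // A page would call Response.Redirect(ok.AbsoluteUri) only when ok != null.
            Console.WriteLine("{0,-36} -> {1}", s, ok == null ? "rejected" : ok.AbsoluteUri);
        }
    }
}
```

Redirecting to the resolved `AbsoluteUri` rather than the raw string means the browser follows the same URL the server validated. In a page, `Request.Url` can serve as `currentPage`.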