Validate callback URL
chashikajw committed Mar 20, 2024
1 parent 7415fba commit 44687e3
Showing 1 changed file with 5 additions and 2 deletions.
@@ -47,7 +47,8 @@
Object errorMsgObj = request.getAttribute("errorMsg");
String callback = Encode.forHtmlAttribute(request.getParameter("callback"));
boolean isCallBackUrlEmpty = false;
if (request.getParameter("callback") == null || request.getParameter("callback").length() == 0) {
if (Encode.forHtmlAttribute(request.getParameter("callback")) == null ||
Encode.forHtmlAttribute(request.getParameter("callback")).length() == 0) {
isCallBackUrlEmpty = true;
}
String errorCode = null;
@@ -214,7 +215,9 @@

<div class="align-right buttons">
<% if (!isCallBackUrlEmpty) { %>
<a id="goBack" href='<%=request.getParameter("callback")%>' class="ui button link-button">
<a id="goBack"
href='<%=Encode.forHtmlAttribute(request.getParameter("callback"))%>'
class="ui button link-button">
<% } else { %>
<a id="goBack" onclick="window.history.back()" class="ui button link-button">
<% } %>
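Review bot: The `href` in the second hunk is only attribute-encoded, not validated: `Encode.forHtmlAttribute` keeps the value from breaking out of the quoted attribute, but a `javascript:` or other non-HTTP scheme, or a link to an arbitrary external host, passes through unchanged. The emptiness check in the first hunk should test the raw parameter and reject unexpected schemes, for example `String cb = request.getParameter("callback");` followed by `isCallBackUrlEmpty = cb == null || cb.isEmpty() || !(cb.startsWith("https://") || cb.startsWith("http://"));`, ideally also comparing the host with the callback hosts the deployment actually expects. If `Encode` here is the OWASP Java Encoder, it returns the string "null" for a null input, so the new `== null` test would never be true and a missing parameter would render `href='null'` instead of the `window.history.back()` fallback; this is worth confirming against the import. Both scriptlets start and end outside the visible hunks.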