From 44687e3c1c2895f52c1843abeab483bd179ce184 Mon Sep 17 00:00:00 2001
From: chashikajw <chashikajw007@gmail.com>
Date: Thu, 21 Mar 2024 00:34:48 +0530
Subject: [PATCH] Validate callback URL

---
 .../main/extensions/self-registration-username-request.jsp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/modules/distribution/product/src/main/extensions/self-registration-username-request.jsp b/modules/distribution/product/src/main/extensions/self-registration-username-request.jsp
index 2780d37064..6cfb3fa511 100644
--- a/modules/distribution/product/src/main/extensions/self-registration-username-request.jsp
+++ b/modules/distribution/product/src/main/extensions/self-registration-username-request.jsp
@@ -47,7 +47,8 @@
     Object errorMsgObj = request.getAttribute("errorMsg");
     String callback = Encode.forHtmlAttribute(request.getParameter("callback"));
     boolean isCallBackUrlEmpty = false;
-    if (request.getParameter("callback") == null || request.getParameter("callback").length() == 0) {
+    if (Encode.forHtmlAttribute(request.getParameter("callback")) == null ||
+    Encode.forHtmlAttribute(request.getParameter("callback")).length() == 0) {
         isCallBackUrlEmpty = true;
     }
     String errorCode = null;
@@ -214,7 +215,9 @@
 
                         <div class="align-right buttons">
                              <% if (!isCallBackUrlEmpty) { %>
-                            <a id="goBack" href='<%=request.getParameter("callback")%>' class="ui button link-button">
+                            <a id="goBack"
+                               href='<%=Encode.forHtmlAttribute(request.getParameter("callback"))%>'
+                               class="ui button link-button">
                             <% } else { %>
                             <a id="goBack" onclick="window.history.back()" class="ui button link-button">
                             <% } %>