rspec/rules/S5146/common/fix/how-does-this-work.adoc

=== How does this work?
If the application strictly requires redirecting based on user-controllable data, one of the following alternatives can be used:
1. Using an allow-list approach, when the set of possible destination URLs is limited.
2. Adding a custom page to which users are first redirected, warning them about the imminent action and requiring manual authorization to proceed.
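Both alternatives in working form, as an added example (not part of the rule text and not SonarSource code). It is framework-agnostic Python: `ALLOWED_HOSTS`, `APP_ORIGIN`, `DEFAULT_TARGET` and the helper names are assumptions for the example. `is_allowed_redirect` implements the allow-list and resolves the target the way a browser would before checking it, so that protocol-relative, backslash, userinfo and look-alike-host variants of the destination are recognised; `plan_redirect` implements the warning page: non-listed destinations are only followed after explicit confirmation.

```python
"""Open-redirect mitigation helpers (added example; names and values are assumptions)."""
from urllib.parse import urlsplit, urljoin

# Constructed allow-list for the example: hosts the application may send users to.
ALLOWED_HOSTS = {"example.com", "accounts.example.com"}
APP_ORIGIN = "https://example.com"   # the application's own origin (assumed)
DEFAULT_TARGET = "/"                 # safe fallback when the target is unusable


def is_allowed_redirect(target: str) -> bool:
    """Allow-list check: True only if `target` is a same-site relative path or an
    https URL whose host is in ALLOWED_HOSTS.

    Edge cases covered: empty input, control characters, backslashes (browsers
    normalise "\\" to "/"), protocol-relative "//host" and "///host" forms,
    non-web schemes such as javascript:, userinfo tricks ("allowed@evil") and
    hosts that merely start with an allowed name ("example.com.evil").
    """
    if not target:
        return False
    target = target.strip()
    # Reject control characters and backslashes outright rather than trying to
    # reproduce every browser normalisation rule.
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    # "//host" and "///host" are resolved by browsers as a new authority;
    # urljoin does not agree for the triple-slash form, so refuse both up front.
    if target.startswith("//"):
        return False
    # Resolve relative to our own origin so "/path" and absolute URLs are
    # compared on equal footing.
    parts = urlsplit(urljoin(APP_ORIGIN, target))
    if parts.scheme != "https":
        return False
    # `.hostname` drops userinfo and port, so "https://example.com@evil.test"
    # yields "evil.test" here, and it is already lower-cased.
    host = parts.hostname or ""
    return host in ALLOWED_HOSTS


def plan_redirect(target: str, confirmed: bool = False) -> dict:
    """Warning-page strategy on top of the allow-list.

    Returns a small action record a request handler can act on:
      {"action": "redirect", "location": ...}  follow the redirect
      {"action": "warn", "destination": ..., "host": ...}  render the warning
        page showing the destination; the user must confirm (e.g. via a POST
        from that page, passed back here as confirmed=True) before the redirect
        is issued.
    """
    if is_allowed_redirect(target):
        return {"action": "redirect", "location": target}
    parts = urlsplit(target.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        # Not a navigable web URL (javascript:, data:, protocol-relative, ...):
        # never show a confirmation for it, just go to the safe default.
        return {"action": "redirect", "location": DEFAULT_TARGET}
    if confirmed:
        return {"action": "redirect", "location": target}
    return {"action": "warn", "destination": target, "host": parts.hostname}


if __name__ == "__main__":
    for t in ["/dashboard", "//evil.test/", "https://example.com@evil.test/",
              "javascript:alert(1)", "https://partner.test/doc"]:
        print(f"{t!r:40} allowed={is_allowed_redirect(t)} plan={plan_redirect(t)}")
```

The allow-list check rejects rather than rewrites suspicious input; any target that fails it either goes to the warning page (if it is at least an http(s) URL with a host) or to the safe default. Where the real application also accepts plain http destinations, relax the scheme check deliberately rather than removing it.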