2022-08-04 17:21:56 +02:00
|
|
|
=== How to fix it in ASP.NET
|
|
|
|
|
|
2022-08-05 12:24:14 +02:00
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
2022-08-04 17:21:56 +02:00
|
|
|
|
|
|
|
|
[cols="a"]
|
|
|
|
|
|===
|
|
|
|
|
h| Non-compliant code example
|
|
|
|
|
|
|
|
|
|
|
[source,csharp]
|
|
|
|
|
----
|
|
|
|
|
using System.Web;
|
|
|
|
|
using System.Web.Mvc;
|
|
|
|
|
|
2022-08-05 12:24:14 +02:00
|
|
|
public class ExampleController : Controller
|
2022-08-04 17:21:56 +02:00
|
|
|
{
|
|
|
|
|
[HttpGet]
|
2022-08-05 12:24:14 +02:00
|
|
|
public void Redirect(string url)
|
2022-08-04 17:21:56 +02:00
|
|
|
{
|
2022-08-05 12:24:14 +02:00
|
|
|
Response.Redirect(url); // Noncompliant
|
2022-08-04 17:21:56 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
h| Compliant solution
|
|
|
|
|
|
|
|
|
|
|
[source,csharp]
|
|
|
|
|
----
|
|
|
|
|
using System.Web;
|
|
|
|
|
using System.Web.Mvc;
|
|
|
|
|
|
2022-08-05 12:24:14 +02:00
|
|
|
public class ExampleController : Controller
|
2022-08-04 17:21:56 +02:00
|
|
|
{
|
|
|
|
|
private readonly string[] allowedUrls = { "/", "/login", "/logout" };
|
|
|
|
|
|
|
|
|
|
[HttpGet]
|
2022-08-05 12:24:14 +02:00
|
|
|
public void Redirect(string url)
|
2022-08-04 17:21:56 +02:00
|
|
|
|
|
|
|
|
{
|
|
|
|
|
if (allowedUrls.Contains(url))
|
|
|
|
|
{
|
|
|
|
|
Response.Redirect(url);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|===
|
|
|
|
|
|
2022-08-05 12:24:14 +02:00
|
|
|
include::../../common/fix/how-does-this-work.adoc[]
|
