=== How to fix it in ASP.NET

include::../../common/fix/code-rationale.adoc[]

[cols="a"]
|===
h| Non-compliant code example
|
[source,csharp]
----
using System.Web;
using System.Web.Mvc;

public class ExampleController : Controller
{
    [HttpGet]
    public void Redirect(string url)
    {
        Response.Redirect(url); // Noncompliant
    }
}
----
h| Compliant solution
|
[source,csharp]
----
using System.Web;
using System.Web.Mvc;

public class ExampleController : Controller
{
    private readonly string[] allowedUrls = { "/", "/login", "/logout" };

    [HttpGet]
    public void Redirect(string url)

    {
        if (allowedUrls.Contains(url))
        {
            Response.Redirect(url);
        }
    }
}
----
|===

include::../../common/fix/how-does-this-work.adoc[]