include::../description.adoc[]

== Noncompliant Code Example

----
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
  String location = req.getParameter("url");
  resp.sendRedirect(location); // Noncompliant
}
----

== Compliant Solution

----
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    String whiteList = "http://localhost/safe";
    String location = req.getParameter("url");

    if (!location.startsWith(whiteList))
      throw new IOException();

    resp.sendRedirect(location); // Compliant
}
----

include::../see.adoc[]