=== How does this work?

Built-in framework methods should be preferred as, more often than not, these
provide additional security mechanisms. Usually, these built-in methods are
engineered for internal page redirections. Thus, they might not be the solution
for the reader's use case.

In case the application strictly requires external redirections based on
user-controllable data, this could be done using the following alternatives:

1. Validating the `authority` part of the URL against a statically defined value
(see Pitfalls).
2. Using an allow-list approach in case the destination URLs are multiple but
limited.
3. Adding a customized page to which users are redirected, warning about the
imminent action and requiring manual authorization to proceed.