
* Move metadata to root
* Define S6105 for JS/TS
* Move message.adoc
* Fix incorrect autolink
* Fix standards header
* Add "noncompliant" to code sample
* Change header styling
* Apply suggestions from code review
  Co-authored-by: gaetan-ferry-sonarsource <112399173+gaetan-ferry-sonarsource@users.noreply.github.com>
* Update rules/S6105/common/fix/how-does-this-work.adoc
  Co-authored-by: gaetan-ferry-sonarsource <112399173+gaetan-ferry-sonarsource@users.noreply.github.com>
* Update rules/S6105/common/pitfalls/starts-with.adoc
  Co-authored-by: gaetan-ferry-sonarsource <112399173+gaetan-ferry-sonarsource@users.noreply.github.com>
* Remove reference to javascript pseudo-protocol
* Update rules/S6105/common/fix/how-does-this-work.adoc
  Co-authored-by: gaetan-ferry-sonarsource <112399173+gaetan-ferry-sonarsource@users.noreply.github.com>
* Rewrite startsWith text
* Change framework name
  Co-authored-by: gaetan-ferry-sonarsource <112399173+gaetan-ferry-sonarsource@users.noreply.github.com>
2 lines
286 B
Plaintext
The following noncompliant code example is vulnerable to open redirection as it constructs a URL with user-controllable data. This URL is then used to redirect the user without being first validated. An attacker can leverage this to manipulate users into performing unwanted redirects.
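Review bot: The second sentence, "This URL is then used to redirect the user without being first validated", has awkward word order; suggest "without first being validated". The opening "The following noncompliant code example" also depends on a sample appearing directly after this paragraph, but the file as shown contains only the paragraph itself, so it is worth confirming that every place this text is included puts the noncompliant sample immediately below it. Finally, "manipulate users into performing unwanted redirects" could say more precisely what the user ends up doing, for example being sent to a site the attacker chooses, since the user does not perform the redirect.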