com.atlassian.jira.web.action.RedirectSanitiser
Provides a way for clients to sanitise redirect URLs before issuing the redirect.
Public Methods |
---|
Returns a boolean indicating whether redirecting to the given URI is allowed or not. |
Constructs a safe redirect URL out of user-provided input. |
Returns a boolean indicating whether redirecting to the given URI is allowed or not.
This method returns false if the redirectUri
is an absolute URI and it points to a domain that is not
this JIRA instance's domain, and true otherwise.
If the URI is in the form //xxx, it is not allowed, as per JRA-27405.
redirectUri | a String containing a URI |
---|
Constructs a safe redirect URL out of user-provided input. This means checking that the URL has an HTTP or
HTTPS scheme, and that it does not redirect to a different domain (i.e. not JIRA). If the redirectUrl
does not meet these conditions, this method returns null.
This is used to prevent open redirect attacks, which facilitate phishing attacks against JIRA users.
redirectUrl | a String containing the redirect URL |
---|
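
The two checks described above can be sketched as follows. This is an added example, not Atlassian's implementation: the class name, method names and the host `jira.example.com` are hypothetical, and it assumes that relative paths are accepted and that unparseable or host-less URIs are rejected.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

/** Illustrative sketch only; class and method names are hypothetical, not JIRA's code. */
public class RedirectCheckExample {
    private final String ownHost; // assumed: the instance's canonical host name

    public RedirectCheckExample(String ownHost) {
        this.ownHost = ownHost.toLowerCase(Locale.ROOT);
    }

    /** False for off-site absolute URIs, for the //xxx form, and for unparseable input. */
    public boolean isAllowed(String redirectUri) {
        if (redirectUri == null) return false;
        // java.net.URI parses "//host/path" as a URI with no scheme, so isAbsolute()
        // is false for it; the //xxx form therefore needs its own explicit check.
        if (redirectUri.startsWith("//")) return false;
        try {
            URI uri = new URI(redirectUri);
            if (!uri.isAbsolute()) return true;   // relative path stays on this host
            String host = uri.getHost();          // null for opaque URIs such as "mailto:x"
            return host != null && host.toLowerCase(Locale.ROOT).equals(ownHost);
        } catch (URISyntaxException e) {
            return false;                         // fail closed (assumption of this sketch)
        }
    }

    /** Returns the input when it is a same-site http(s) or relative URL, else null. */
    public String makeSafe(String redirectUrl) {
        if (!isAllowed(redirectUrl)) return null;
        String scheme = URI.create(redirectUrl).getScheme(); // parse already succeeded above
        boolean web = scheme == null
                || scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https");
        return web ? redirectUrl : null;
    }

    public static void main(String[] args) {
        RedirectCheckExample c = new RedirectCheckExample("jira.example.com"); // constructed host
        String[] samples = {                      // constructed sample inputs
            "/secure/Dashboard.jspa",
            "https://jira.example.com/browse/ABC-1",
            "https://other.example.net/login",
            "//other.example.net/login",
            "ftp://jira.example.com/file",
        };
        for (String s : samples)
            System.out.println(s + " -> allowed=" + c.isAllowed(s) + ", safe=" + c.makeSafe(s));
    }
}
```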