com.atlassian.jira.web.action
Interface RedirectSanitiser

All Known Implementing Classes:
RedirectSanitiserStub, SafeRedirectChecker

public interface RedirectSanitiser

Provides a way for clients to sanitise redirect URLs before issuing the redirect.

Since:
5.1.5

Method Summary
 String makeSafeRedirectUrl(String redirectUrl)
          Constructs a safe redirect URL out of user-provided input.
 

Method Detail

makeSafeRedirectUrl

String makeSafeRedirectUrl(@Nullable String redirectUrl)
Constructs a safe redirect URL out of user-provided input. This means checking that the URL has an HTTP or HTTPS scheme, and that it does not redirect to a different domain (i.e. a domain other than JIRA's). If the redirectUrl does not meet these conditions, this method returns null.

This is used to prevent open redirect attacks, which facilitate phishing attacks against JIRA users.

Parameters:
redirectUrl - a String containing the redirect URL
Returns:
a safe redirect URL, or null
Since:
5.1.5
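
The following is an added example, not Atlassian's SafeRedirectChecker and not code from JIRA: a stand-alone sketch of the contract described above (HTTP or HTTPS scheme, same host as the application, otherwise null) and of how a caller handles the null result. The class name, the base URL and the sample inputs are hypothetical; rejecting scheme-less input and comparing only the host (not the port) are assumptions of this sketch.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Illustration only: hypothetical class, not JIRA's implementation.
public class ExampleRedirectSanitiser {
    private final String ownHost;

    public ExampleRedirectSanitiser(String baseUrl) {
        this.ownHost = URI.create(baseUrl).getHost();
    }

    /** Returns redirectUrl if it is http(s) and on the application's own host, otherwise null. */
    public String makeSafeRedirectUrl(String redirectUrl) {
        if (redirectUrl == null) {
            return null;
        }
        final URI target;
        try {
            target = new URI(redirectUrl.trim());
        } catch (URISyntaxException e) {
            return null; // unparsable input (backslashes, embedded spaces) is never followed
        }
        String scheme = target.getScheme();
        // Assumption: scheme-less input ("/path", "//other-host/path") is rejected outright.
        if (scheme == null || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            return null;
        }
        // getHost() is the parsed authority host, so "own-host@other-host" resolves to other-host.
        String host = target.getHost();
        if (host == null || !host.equalsIgnoreCase(ownHost)) {
            return null;
        }
        return target.toString();
    }

    public static void main(String[] args) {
        ExampleRedirectSanitiser s = new ExampleRedirectSanitiser("https://jira.example.com/");
        String[] constructedInputs = {           // constructed sample values
            "https://jira.example.com/browse/ABC-1",
            "https://jira.example.com.other.example/login",
            "http://jira.example.com@other.example/",
            "//other.example/login",
            "javascript:void(0)",
            null
        };
        for (String in : constructedInputs) {
            String safe = s.makeSafeRedirectUrl(in);
            // Caller pattern: on null, fall back to a fixed in-application page (constructed URL).
            String location = (safe != null) ? safe : "https://jira.example.com/";
            System.out.println(in + " -> " + location);
        }
    }
}
```

Only the first constructed input is returned unchanged; every other one yields null and the caller redirects to its fixed fallback instead.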


Copyright © 2002-2013 Atlassian. All Rights Reserved.