com.atlassian.jira.web.action
Interface RedirectSanitiser
- All Known Implementing Classes:
- RedirectSanitiserStub, SafeRedirectChecker
public interface RedirectSanitiser
Provides a way for clients to sanitise redirect URLs before issuing the redirect.
- Since:
- 5.1.5
makeSafeRedirectUrl
String makeSafeRedirectUrl(@Nullable String redirectUrl)
- Constructs a safe redirect URL out of user-provided input. This means checking that the URL has an HTTP or HTTPS scheme, and that it does not redirect to a different domain (i.e. not JIRA). If the redirectUrl does not meet these conditions, this method returns null.
This is used to prevent open redirect attacks, which facilitate phishing attacks against JIRA users.
- Parameters:
redirectUrl - a String containing the redirect URL
- Returns:
- a safe redirect URL, or null
- Since:
- 5.1.5
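The following is an added example, not Atlassian's code and not the behaviour of SafeRedirectChecker: a minimal sanitiser that follows a strict reading of the contract above (absolute HTTP/HTTPS URL on the expected host, otherwise null), together with a caller that handles the null return. The class names, the local stand-in interface, the host jira.example.com and the fallback path are all assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

// Added illustration; every name here is hypothetical, not part of the JIRA API.
public class RedirectSanitiserExample {
    // Local stand-in with the same method shape as the documented interface.
    interface RedirectSanitiser { String makeSafeRedirectUrl(String redirectUrl); }

    // Strict reading of the contract: absolute http/https URL on the expected host, else null.
    static final class SameHostSanitiser implements RedirectSanitiser {
        private final String allowedHost;
        SameHostSanitiser(String allowedHost) { this.allowedHost = allowedHost.toLowerCase(Locale.ROOT); }

        @Override
        public String makeSafeRedirectUrl(String redirectUrl) {
            if (redirectUrl == null) return null;
            final URI uri;
            try {
                uri = new URI(redirectUrl.trim());
            } catch (URISyntaxException e) {
                return null; // malformed input (e.g. backslashes, spaces) is rejected outright
            }
            String scheme = uri.getScheme();
            String host = uri.getHost(); // parsed host only; a "user@" prefix is not part of it
            if (scheme == null || host == null) return null; // relative, scheme-relative, opaque
            scheme = scheme.toLowerCase(Locale.ROOT);
            if (!scheme.equals("http") && !scheme.equals("https")) return null;
            if (!host.toLowerCase(Locale.ROOT).equals(allowedHost)) return null;
            return uri.toString();
        }
    }

    public static void main(String[] args) {
        RedirectSanitiser s = new SameHostSanitiser("jira.example.com"); // constructed host
        String[] samples = { // constructed inputs
            "https://jira.example.com/browse/ABC-1",  // same host: returned unchanged
            "https://evil.example/login",             // different domain: null
            "https://jira.example.com@evil.example/", // userinfo trick, real host differs: null
            "//evil.example/login",                   // no scheme: null
            "javascript:alert(1)",                    // non-HTTP scheme: null
            null                                      // @Nullable input: null
        };
        for (String in : samples) {
            String safe = s.makeSafeRedirectUrl(in);
            // Treat null as "do not redirect there" and fall back to a fixed internal page.
            System.out.println(in + " -> " + (safe != null ? safe : "/default-landing-page (fallback)"));
        }
    }
}
```

The caller never redirects to the raw input: only the sanitiser's return value is used, and a null return selects a fixed fallback.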
Copyright © 2002-2013 Atlassian. All Rights Reserved.