com.atlassian.jira.web.action
Class MockRedirectSanitiser
java.lang.Object
com.atlassian.jira.web.action.MockRedirectSanitiser
- All Implemented Interfaces:
- RedirectSanitiser
public class MockRedirectSanitiser
- extends Object
- implements RedirectSanitiser
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
MockRedirectSanitiser
public MockRedirectSanitiser()
makeSafeRedirectUrl
public String makeSafeRedirectUrl(@Nullable String redirectUrl)
- Description copied from interface: RedirectSanitiser
- Constructs a safe redirect URL out of user-provided input. This means checking that the URL has an HTTP or HTTPS scheme, and that it does not redirect to a different domain (i.e. not JIRA). If the redirectUrl does not meet these conditions, this method returns null.
  This is used to prevent Open redirect attacks, which facilitate phishing attacks against JIRA users.
- Specified by: makeSafeRedirectUrl in interface RedirectSanitiser
- Parameters:
- redirectUrl - a String containing the redirect URL
- Returns:
- a safe redirect URL, or null
canRedirectTo
public boolean canRedirectTo(@Nullable String redirectUri)
- Description copied from interface: RedirectSanitiser
- Returns a boolean indicating whether redirecting to the given URI is allowed or not.
  This method returns false if the redirectUri is an absolute URI and it points to a domain that is not this JIRA instance's domain, and true otherwise.
  If the URI is in the form //xxx then it is not allowed as per JRA-27405.
- Specified by: canRedirectTo in interface RedirectSanitiser
- Parameters:
- redirectUri - a String containing a URI
- Returns:
- a boolean indicating whether redirecting to the given URI should be allowed or not
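The contract documented for makeSafeRedirectUrl and canRedirectTo, sketched as an added example; this is not Atlassian's implementation and not part of the original page. The class name ExampleRedirectSanitiser, the base URL passed to the constructor, the sample URLs, and the handling of null and unparseable input are assumptions of the example.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration of the documented contract; NOT Atlassian's implementation.
public class ExampleRedirectSanitiser {
    private final String instanceHost; // assumption: host taken from this instance's base URL

    public ExampleRedirectSanitiser(String baseUrl) {
        this.instanceHost = URI.create(baseUrl).getHost();
    }

    public boolean canRedirectTo(String redirectUri) {
        if (redirectUri == null) {
            return true; // example's reading of "true otherwise": nothing absolute to reject
        }
        final URI uri;
        try {
            uri = new URI(redirectUri);
        } catch (URISyntaxException e) {
            return false; // example's choice: backslashes, spaces, control chars fail closed
        }
        if (uri.getScheme() == null) {
            // Relative reference: allowed unless it is the //xxx form, which names another host.
            return !redirectUri.startsWith("//");
        }
        // Absolute URI: the host must be this instance. Opaque URIs such as mailto:
        // have no host at all, so they are rejected here as well.
        return instanceHost != null && instanceHost.equalsIgnoreCase(uri.getHost());
    }

    public String makeSafeRedirectUrl(String redirectUrl) {
        if (redirectUrl == null || !canRedirectTo(redirectUrl)) {
            return null;
        }
        // canRedirectTo already parsed the value, so URI.create cannot throw here.
        String scheme = URI.create(redirectUrl).getScheme();
        boolean ok = scheme == null || scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https");
        return ok ? redirectUrl : null; // assumption: relative URLs are returned unchanged
    }

    public static void main(String[] args) {
        ExampleRedirectSanitiser s = new ExampleRedirectSanitiser("https://jira.example.com"); // constructed
        String[] samples = { "/secure/Dashboard.jspa", "https://jira.example.com/browse/X-1",
                "//other.example/login", "https://other.example/", "ftp://jira.example.com/f" };
        for (String u : samples) {
            System.out.println(u + " -> canRedirectTo=" + s.canRedirectTo(u)
                    + ", safe=" + s.makeSafeRedirectUrl(u));
        }
    }
}
```

The last sample shows where the two methods differ in this sketch: an ftp URL on the instance's own host passes the domain check in canRedirectTo but is rejected by the scheme check in makeSafeRedirectUrl.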
Copyright © 2002-2014 Atlassian. All Rights Reserved.