public interface RedirectSanitiser
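|Modifier and Type|Method and Description|
|---|---|
|boolean|canRedirectTo(String redirectUri): Returns a boolean indicating whether redirecting to the given URI is allowed or not.|
|String|makeSafeRedirectUrl(String redirectUrl): Constructs a safe redirect URL out of user-provided input.|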
@Nullable String makeSafeRedirectUrl(@Nullable String redirectUrl)
If redirectUrl does not meet these conditions, this method returns null.
This is used to prevent open redirect attacks, which facilitate phishing attacks against JIRA users.
redirectUrl - a String containing the redirect URL
boolean canRedirectTo(@Nullable String redirectUri)
This method returns false if the redirectUri is an absolute URI and it points to a domain that is not this JIRA instance's domain, and true otherwise.
If the URI is in the form //xxx then it is not allowed, as per JRA-27405.
If the URI contains any character that is not valid in a URL, such as a backslash, the redirect is denied because it could result in an open redirect attack.
redirectUri - a String containing a URI
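The rules documented above for canRedirectTo, written out as an added Java example; this is not Atlassian's implementation. The class name ExampleRedirectCheck, the ownHost constructor parameter, the handling of null, and the sample URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not Atlassian's code. ExampleRedirectCheck and ownHost are hypothetical names.
public final class ExampleRedirectCheck {
    private final String ownHost; // assumption: host name of this instance

    public ExampleRedirectCheck(String ownHost) {
        this.ownHost = ownHost;
    }

    public boolean canRedirectTo(String redirectUri) {
        if (redirectUri == null) {
            return false; // assumption: the page does not state the result for null
        }
        // "//xxx" form (scheme-relative, so xxx is read as a host): not allowed.
        if (redirectUri.startsWith("//")) {
            return false;
        }
        // Backslashes are denied explicitly; browsers may treat "\" like "/".
        if (redirectUri.indexOf('\\') >= 0) {
            return false;
        }
        final URI uri;
        try {
            uri = new URI(redirectUri); // throws on other characters not valid in a URI
        } catch (URISyntaxException e) {
            return false;
        }
        if (uri.isAbsolute()) {
            // Absolute URI: allowed only if it points at this instance's host.
            // getHost() is null for opaque URIs such as "javascript:...", so they are denied.
            String host = uri.getHost();
            return host != null && host.equalsIgnoreCase(ownHost);
        }
        return true; // relative URI, resolved against this instance
    }

    public static void main(String[] args) {
        ExampleRedirectCheck check = new ExampleRedirectCheck("jira.example.com");
        String[] samples = { // constructed inputs
            "/secure/Dashboard.jspa", "https://jira.example.com/browse/ABC-1",
            "https://evil.example.net/", "//evil.example.net/", "/\\evil.example.net",
            "https://jira.example.com@evil.example.net/", "javascript:alert(1)"
        };
        for (String s : samples) {
            System.out.println(check.canRedirectTo(s) + "  " + s);
        }
    }
}
```

The host comparison here ignores scheme and port, neither of which the page mentions; a stricter check could compare those as well.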
Copyright © 2002-2017 Atlassian. All Rights Reserved.