RedirectSanitiserImpl (Atlassian Jira

java.lang.Object
- com.atlassian.jira.web.action.RedirectSanitiserImpl

All Implemented Interfaces:: RedirectSanitiser

public class RedirectSanitiserImpl
extends Object
implements RedirectSanitiser

Constructor Summary

Constructors
Constructor and Description

RedirectSanitiserImpl(VelocityRequestContextFactory velocityRequestContextFactory)

Constructors
Constructor and Description
`RedirectSanitiserImpl(VelocityRequestContextFactory velocityRequestContextFactory)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`canRedirectTo(String redirectUri)` Returns a boolean indicating whether redirecting to the given URI is allowed or not.
`protected String`	`getCanonicalBaseURL()` Returns the canonical base URL for JIRA.
`String`	`makeSafeRedirectUrl(String redirectUrl)` Constructs a safe redirect URL out of user-provided input.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - RedirectSanitiserImpl
```
public RedirectSanitiserImpl(VelocityRequestContextFactory velocityRequestContextFactory)
```
- Method Detail
  - canRedirectTo
```
public boolean canRedirectTo(@Nullable
                             String redirectUri)
```
    Description copied from interface: RedirectSanitiser
    
    Returns a boolean indicating whether redirecting to the given URI is allowed or not.
    This method returns false if the redirectUri is an absolute URI and it points to a domain that is not this JIRA instance's domain, and true otherwise. If the uri is in the form //xxx then it is not allowed as per JRA-27405. If the uri contains any non-valid URL character, like backslashes, it is denied redirection as it could result in a potential open redirect attack.
    
    Specified by:
    
    canRedirectTo in interface RedirectSanitiser
    
    Parameters:
    
    redirectUri - a String containing a URI
    
    Returns:
    
    a boolean indicating whether redirecting to the given URI should be allowed or not
  - makeSafeRedirectUrl
```
@Nullable
public String makeSafeRedirectUrl(@Nullable
                                            String redirectUrl)
```
    Description copied from interface: RedirectSanitiser
    
    Constructs a safe redirect URL out of user-provided input. This means checking that the URL has an HTTP or HTTPS scheme, and that it does not redirect to a different domain (i.e. not JIRA). If the redirectUrl does not meet these conditions, this method returns null.
    This is used to prevent Open redirect attacks, which facilitate phishing attacks against JIRA users.
    
    Specified by:
    
    makeSafeRedirectUrl in interface RedirectSanitiser
    
    Parameters:
    
    redirectUrl - a String containing the redirect URL
    
    Returns:
    
    a safe redirect URL, or null
  - getCanonicalBaseURL
```
protected String getCanonicalBaseURL()
```
    Returns the canonical base URL for JIRA.
    
    Returns:
    
    a String containing the canonical base URL

Class RedirectSanitiserImpl

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

RedirectSanitiserImpl

Method Detail

canRedirectTo

makeSafeRedirectUrl

getCanonicalBaseURL