Open Redirect
Issue #3
resolved
Hi, any chance to avoid open redirects on instant-search?
https://www.domain.com/plugins/servlet/ZFIN.instantsearch/track?searchlink=http://google.com
https://detectify.freshdesk.com/support/solutions/articles/48001048961-open-redirect
Comments (6)
-
repo owner -
Great, many thanks!
-
repo owner In dev the link is:
-
repo owner - changed status to resolved
fixes #3 → <<cset 257d4434f83d>>
-
repo owner @Gereon Heitmann This should be fixed in 2.5.5 of Confluence Server. It will track it explicitly but will provide a warning instead of the redirect. Please let me know if there is anything else.
-
@Instant Search working perfectly. Many thanks for your fast response!
Thanks for reporting. I’ll make sure to validate the URL to make sure it's internal / allowed versus the entire world.
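An added example, not part of this thread or the plugin's own code: one way a servlet could check the `searchlink` value before redirecting, and show the warning instead for anything that is not internal or allowed. The class name `SearchLinkValidator`, the allowlist contents and the sample values are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Illustrative only: hypothetical helper, not the plugin's implementation.
public class SearchLinkValidator {
    // Assumption: the site's own host plus any hosts the admin explicitly allows.
    private final Set<String> allowedHosts;

    public SearchLinkValidator(Set<String> allowedHosts) {
        this.allowedHosts = allowedHosts;
    }

    // True only for same-site relative paths or http(s) URLs on an allowed host.
    public boolean isAllowed(String searchlink) {
        if (searchlink == null || searchlink.isEmpty()) return false;
        // Browsers normalise backslashes and control characters differently from java.net.URI.
        if (searchlink.indexOf('\\') >= 0 || searchlink.chars().anyMatch(c -> c < 0x20)) return false;
        URI uri;
        try {
            uri = new URI(searchlink);
        } catch (URISyntaxException e) {
            return false;
        }
        if (!uri.isAbsolute()) {
            // Relative target: must start with "/" and carry no authority ("//host/..." is off-site).
            return uri.getRawAuthority() == null && searchlink.startsWith("/");
        }
        String scheme = uri.getScheme();
        if (!scheme.equalsIgnoreCase("http") && !scheme.equalsIgnoreCase("https")) return false;
        // Reject userinfo ("allowed-host@other-host") and authorities without a parsable host.
        String host = uri.getHost();
        if (host == null || uri.getRawUserInfo() != null) return false;
        return allowedHosts.contains(host.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        SearchLinkValidator v = new SearchLinkValidator(Set.of("www.domain.com"));
        // First value is the one from the report; the rest are constructed samples.
        String[] samples = {"http://google.com", "https://www.domain.com/display/DOC/Page",
            "/display/DOC/Page", "//google.com", "https://www.domain.com@google.com/"};
        for (String s : samples) {
            System.out.println((v.isAllowed(s) ? "redirect  " : "warn      ") + s);
        }
    }
}
```

With `www.domain.com` as the only allowed host, the reported `http://google.com` link falls into the warning branch while on-site absolute and relative links still redirect.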