Ravi Singh rsingh85
rsingh85
/ gist:b3d8aa79470a41fa111f7a6d54c2671f
Created
August 3, 2023 11:26
Open Redirect Vulnerability - Return URL Validator
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| private bool IsValidReturnUrl(string returnUrl, HostString host) | |
| { | |
| if (Uri.TryCreate(returnUrl, UriKind.RelativeOrAbsolute, out var uri)) | |
| { | |
| // Check if the URL is absolute and has the same host as the current request. | |
| if (uri.IsAbsoluteUri && uri.Host.Equals(host.Host, StringComparison.OrdinalIgnoreCase)) | |
| { | |
| return true; | |
| } |
OlderNewer