Hello all,
Is it safe to put the following code (check if "url" starts with http://
or https://) in casLogoutView.jsp, in order to "re-enable" url parameter
functionality as defined in http://www.jasig.org/cas/protocol (section
2.3.1)?
<c:if test="${not empty param['url']}">
<c:if test="${fn:substring(fn:escapeXml(param['url']),0,7) == 'http://'
or fn:substring(fn:escapeXml(param['url']),0,8) == 'https://'}">
<p>
<spring:message code="screen.logout.redirect"
arguments="${fn:escapeXml(param.url)}" />
</p>
</c:if>
</c:if>
Thanks,
Pavlos
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
