Konrad Windszus created SLING-4469: -------------------------------------- Summary: SlingPostServlet: do not allow redirects to other hosts Key: SLING-4469 URL: https://issues.apache.org/jira/browse/SLING-4469 Project: Sling Issue Type: Improvement Affects Versions: Servlets Post 2.3.6 Reporter: Konrad Windszus Assignee: Konrad Windszus
Through the {{:redirect}} parameter of the {{SlingPostServlet}} arbitrary redirects are possible (http://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html#redirect). That should be limited so that redirects to other servers are not possible. Compare also with discussion at: http://www.mail-archive.com/dev@sling.apache.org/msg43348.html. -- This message was sent by Atlassian JIRA (v6.3.4#6332)