Skip to main content

Reference

 

OutSystems

Open Redirect Warning

The Open Redirect warning is issued in the following situations:

  • Please enclose input parameters with a ReplaceURLDomain() function from HttpRequestHandler to avoid open redirect vulnerabilities

    The input parameter mentioned in the warning has a value that comes from the end-user input and that is susceptible to contain a malicious URL.

    Do one of the following:

    • Replace the 'External Site' element with a well-known page in your application;

    • Replace the 'External Site' element with another 'External Site' element that does not receive a URL as an input and that redirects to a static URL instead;

    • Use the ReplaceURLDomain function from the HTTPRequestHandler extension module to enclose the value of the parameter.

  • Was this article helpful?