Open tristandostaler opened 6 years ago
I know this can happen if an untrusted input flows into `Response.Redirect()` or `Server.Transfer()`. That alone should be pretty straightforward to add (if I understand correctly -- and I may not since I'm really new to this project -- it just means adding to sinks.yml). Are there others on the server side that you know of?
I think it could be interesting to have an analyser that detects potential open redirect.
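The source-to-sink flow mentioned in the thread, as an added example that is not code from the thread or from the project: a classic ASP.NET handler where a query-string value reaches `Response.Redirect()`, next to a version that validates the target first. The names `ReturnHandler`, `returnUrl` and `IsLocalPath` are hypothetical.

```csharp
using System;
using System.Web;

// Hypothetical handler, used only to illustrate the tainted flow.
public class ReturnHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // Source: attacker-influenced request data.
        string returnUrl = context.Request.QueryString["returnUrl"];

        // The pattern an analyzer would flag (source reaches the sink unchecked):
        //     context.Response.Redirect(returnUrl);

        // Validated form: only same-site paths are accepted, anything else
        // falls back to a fixed location.
        string target = IsLocalPath(returnUrl) ? returnUrl : "/";
        context.Response.Redirect(target, false);
    }

    // Accepts only rooted, same-site paths such as "/account/home".
    internal static bool IsLocalPath(string url)
    {
        if (string.IsNullOrEmpty(url) || url[0] != '/')
            return false;                       // empty, relative, or has a scheme

        // "//host" and "/\host" are treated by browsers as another origin.
        if (url.Length > 1 && (url[1] == '/' || url[1] == '\\'))
            return false;

        // Control characters (CR, LF, tab) have no place in a redirect target.
        foreach (char c in url)
        {
            if (char.IsControl(c))
                return false;
        }
        return true;
    }
}
```

An analyzer that treats `IsLocalPath`-style checks as sanitizers would report the commented-out call and stay quiet on the validated one.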