XWiki 13.3RC1 and 12.10.7 introduced a security mechanism to avoid redirecting users to untrusted domains. Extension which uses this API can still bypass the check by setting bypassDomainSecurityCheck to true in the execution context before using the redirect API, to avoid problems if administrators don't properly set it up.
polx
commented
3 years ago
XWiki 13.3RC1 and 12.10.7 introduced a security mechanism to avoid redirecting users to untrusted domains. Extension which uses this API can still bypass the check by setting
bypassDomainSecurityCheckto true in the execution context before using the redirect API, to avoid problems if administrators don't properly set it up.