Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible open redirect #1289

Closed
Amixtika opened this issue Mar 11, 2022 · 3 comments
Closed

Possible open redirect #1289

Amixtika opened this issue Mar 11, 2022 · 3 comments
Assignees
@osma
Labels
bug
Milestone
2.15

Comments

@Amixtika
Copy link

Go to:

https://finto.fi/https://example.com

Select: "In English" on the top right, or any other language.

After that you will be redirected to www.example.com.
@osma
Copy link
Member

osma commented Mar 11, 2022

Thanks for the issue.

I don't see this as an open redirect, as it requires the user to click on a link to https://example.com - but maybe I misunderstood something?

@Amixtika
Copy link
Author

Hi Osma,

The potential issue is that a user can be instructed to click on this link, redirecting the user to a external malicous page.

@osma
Copy link
Member

osma commented Mar 11, 2022

I see what you mean. The scenario seems a bit far-fetched, as this invokes a 404 error page. But I guess it's better to be on the safe side and prevent this from happening in the first place.

@osma osma added the bug label Mar 11, 2022
@osma osma added this to the Next Tasks milestone Mar 11, 2022
@osma osma self-assigned this Apr 21, 2022
@osma osma mentioned this issue Apr 26, 2022
Merged
3 tasks
@osma osma closed this as completed in 91bed66 Apr 26, 2022
@osma osma modified the milestones: Next Tasks, 2.15 Apr 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@osma osma

Labels
bug
Projects
None yet
Milestone
2.15
Development

No branches or pull requests
2 participants
@osma @Amixtika