Arbitrary Page Redirect

Detect statements that might expose your app to Arbitrary Page Redirect vulnerability.

Lorenzo Frattini avatar
Written by Lorenzo Frattini
Updated over a week ago

Rationale

Arbitrary Page Redirects are possible when a web application could redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may launch a phishing scam and steal user credentials.

Scope

  • Visualforce page

  • Visualforce components

  • Apex controllers

Did this answer your question?