我有一个关于“打开重定向”的强化警报。我已经浏览了很少的网站来了解,但是找不到解决方案。
问题:
if (domain != null && !domain.isEmpty()) {
response.sendRedirect("https://" + domain + request.getServletPath() + "?" + request.getQueryString() + "&markAs=true");
}
强化警报消息:
The file passes unvalidated data to an HTTP redirect function on line 148. Allowing unvalidated input to control the URL used in a redirect can aid phishing attacks.
我尝试通过创建如下所示的新方法,但仍然无法正常工作。请对此发表任何见解
response.sendRedirect("https://" + domain + getUrl(request) + "&abredir=true");
private String getUrl(HttpServletRequest request) {
return request.getServletPath() + "?" + request.getQueryString();
}