Gaurav Jain 7

Trailhead - Developer Advanced -- App Logic Vulnerability Prevention -- Prevent Open Redirects in Your Code

Hi All,

Unable to pass App Logic Vulnerability Prevention -- Prevent Open Redirects in Your Code module:

Please see the code below:
 
public PageReference save(){
        PageReference savePage;
        if (Schema.SObjectType.Resource_Type__c.isCreateable()){
            try{
                insert rtype;
                String completion = ApexPages.currentPage().getParameters().get('finishURL');
                if(completion.startsWith('/')){
                      completion.replaceFirst('/','');
                      savePage = new PageReference('/'+completion);
                }
                else
                {
                   savePage = new PageReference(completion); 
                }
                savePage.setRedirect(true);
                return savePage;
            }catch (exception e){
                ApexPages.addmessage(new ApexPages.message(ApexPages.severity.ERROR, 'Unable to update requisitions.  Exception: ' + e.getMessage()));
                return null;
            } 
        }else{
            ApexPages.addmessage(new ApexPages.message(ApexPages.severity.ERROR, 'You do not have permission to update requisitions'));
            return null;
        }
    }

Thanks in advance
Nagendra (Salesforce Developers)
Hi Gaurav,

Please check the link below from the forums community on a similar issue, which might help you further. Please let us know if this helps.

Thanks,
Nagendra
Randy Schultz
Your line of 
completion.replaceFirst('/','');

really does nothing for you. You want the return value. So do this instead:
completion = completion.replaceFirst('/','');
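As an added example (not code from this thread or from the Trailhead module), here is one way to reduce the `finishURL` parameter to a path on the current site before redirecting. The class name `LocalRedirect`, its method names and the fallback path `/` are assumptions made for illustration.

```apex
// Added example: helper that keeps a user-supplied redirect target on this site.
public with sharing class LocalRedirect {
    // Assumed fallback landing path; replace with a page that suits your app.
    private static final String DEFAULT_PATH = '/';

    // Reduce an untrusted redirect target to a site-relative path.
    public static String toLocalPath(String target) {
        if (String.isBlank(target)) {
            return DEFAULT_PATH;   // parameter missing: avoid a null dereference
        }
        target = target.trim();
        // Accept only values that begin with '/'. Absolute URLs, other schemes
        // and bare host names fall back to the default instead of being passed
        // to PageReference unchanged. Backslashes are rejected because browsers
        // may treat them as forward slashes.
        if (!target.startsWith('/') || target.contains('\\')) {
            return DEFAULT_PATH;
        }
        // Strings are immutable, so the result of replaceFirst must be assigned.
        // Its first argument is a regular expression: '^/+' removes every
        // leading slash, so the rebuilt value starts with exactly one '/'.
        String rest = target.replaceFirst('^/+', '');
        return '/' + rest;
    }

    // Build the redirect from a named page parameter, e.g. 'finishURL'.
    public static PageReference fromParam(String paramName) {
        String raw = ApexPages.currentPage().getParameters().get(paramName);
        PageReference ref = new PageReference(toLocalPath(raw));
        ref.setRedirect(true);
        return ref;
    }
}
```

In a controller like the one posted in the question, `return LocalRedirect.fromParam('finishURL');` after the `insert` would take the place of both branches of the `if`/`else`.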