Tejas Bodhe

URL Redirect Attack In Checkmarx Report

Hello All,

I have a custom button on one of my objects.
From this button, I am calling a Visualforce page and passing the current record's Id as a parameter.

This is my Custom Button URL: "/apex/VF_View_Digital_Asset?assetId={!Digital_Asset__c.Id}"

Now, from the Visualforce page controller, I am querying one field based on the "assetId" parameter.

Snapshot of Controller Code:
recordId=ApexPages.currentPage().getParameters().get('assetId');
Digital_Asset__c redirectValues=[select id, URLToRedirect__c from Digital_Asset__c where id=:recordId];
PageReference nextPage = new PageReference(redirectValues.URLToRedirect__c);


Now, in the Checkmarx report I get a "Query: URL Redirection Attack" error.

Is there any way I can solve this issue?
How can I pass the record Id from a custom button to the Visualforce page's Apex controller and redirect to another URL based on that record Id?

Thanks
Prashant Pandey07
Hi Tejas,

Can you try this:
PageReference pg = new PageReference('/' + redirectValues.URLToRedirect__c);
pg.setRedirect(true);
return pg;
This single forward slash makes sure that every URL is local to Salesforce.

--
Thanks,
Prashant
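
An added example, not code from this thread: a controller that validates both the assetId parameter and the stored URLToRedirect__c value before building the PageReference, rejecting values that start with "//" or contain a backslash. The class name, method names and the allowlisted host are hypothetical, and it assumes the field may hold either a local path or an absolute https URL.

```apex
// Added example: class, method names and the allowlisted host are hypothetical.
public with sharing class DigitalAssetRedirectController {

    // External hosts this org accepts as redirect targets (constructed sample value).
    private static final Set<String> ALLOWED_HOSTS = new Set<String>{ 'assets.example.com' };

    public PageReference redirectToAsset() {
        String rawId = ApexPages.currentPage().getParameters().get('assetId');
        Id recordId;
        try {
            recordId = Id.valueOf(rawId);   // throws on malformed input
        } catch (Exception e) {
            return fail('Invalid asset Id.');
        }
        // The Id must be present and belong to Digital_Asset__c, not another object.
        if (recordId == null || recordId.getSobjectType() != Digital_Asset__c.SObjectType) {
            return fail('Invalid asset Id.');
        }
        List<Digital_Asset__c> rows = [
            SELECT URLToRedirect__c FROM Digital_Asset__c WHERE Id = :recordId LIMIT 1
        ];
        if (rows.isEmpty() || !isSafeTarget(rows[0].URLToRedirect__c)) {
            return fail('This asset has no valid redirect target.');
        }
        PageReference nextPage = new PageReference(rows[0].URLToRedirect__c);
        nextPage.setRedirect(true);
        return nextPage;
    }

    @TestVisible
    private static Boolean isSafeTarget(String target) {
        if (String.isBlank(target)) { return false; }
        if (target.startsWith('/')) {
            // Local path only: browsers treat "//host" and "/\host" as another origin.
            return !target.startsWith('//') && !target.contains('\\');
        }
        try {
            Url parsed = new Url(target);
            return parsed.getProtocol() == 'https'
                && ALLOWED_HOSTS.contains(parsed.getHost().toLowerCase());
        } catch (Exception e) {
            return false;   // not a parseable absolute URL
        }
    }

    private static PageReference fail(String message) {
        ApexPages.addMessage(new ApexPages.Message(ApexPages.Severity.ERROR, message));
        return null;    // stay on the current page
    }
}
```
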
Tejas Bodhe
Hi Prashant,

Thanks for the reply. I will check that solution and mark it as the best answer if it works.

Thanks,
Tejas