BPOOR
Open Redirect Security Issue
We are using a third-party company to scan our Salesforce code for SOQL Injection and Vulnerability issues with open page redirects. The below code is flagged as a vulnerability.
public Pagereference customCancel() {
    Pagereference objPageref = new Pagereference('/apex/FulcrumInlineEdit?id=' + OptyId);
    objPageref.setRedirect(true);
    return objPageref;
}
The page is not using any URL hacking mechanisms like saveUrl, retUrl or cancelUrl. Based on the information given in the Trailhead "Prevent Open Redirects in your code" (https://trailhead.salesforce.com/en/content/learn/modules/secdev_application_logic_vulnerabilities/secdev_app_logic_preventing_open_redirect), I am not sure how to modify the above code to make it secure. Can someone help?
The below blog might answer your query,
https://developer.salesforce.com/forums/?id=906F000000092MSIAY
https://salesforce.stackexchange.com/questions/42015/prevention-for-open-redirect-problem-in-salesforce
Thanks!
Thanks for your response. Based on the link you have provided, my PageReference starts with "/" and is not using any returnUrl or something like that. What do I need to change in this case? If there is a returnUrl or something like that, I can either use ApexPages.currentPage().getParameters().get('returnUrl') and then check to see if it starts with "/", or I can use whitelisting to see if it is one of the allowed domains. However, in this case, we are just using /apex/FulcrumInlineEdit with OpportunityId. I am not sure how I can change this.
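Added example, not code from this thread or from Salesforce: in the flagged method the path is a fixed literal, so the only variable part of the redirect is the concatenated OptyId. This sketch type-checks that value and lets PageReference set and encode the parameter instead of building the URL by string concatenation. The class name and the helper toOpportunityId are hypothetical, and it assumes OptyId is a String read from the request and that FulcrumInlineEdit is a Visualforce page in the same namespace.

```apex
public with sharing class FulcrumCancelExample {
    // Assumption: OptyId arrives as a request parameter, so it is untrusted input.
    public String OptyId { get; set; }

    public FulcrumCancelExample() {
        OptyId = ApexPages.currentPage().getParameters().get('id');
    }

    // Hypothetical helper: returns the value as an Opportunity Id,
    // or null when it is blank, malformed, or an Id of another object type.
    @TestVisible
    private static Id toOpportunityId(String raw) {
        if (String.isBlank(raw)) {
            return null;
        }
        try {
            Id candidate = Id.valueOf(raw.trim());
            return candidate.getSObjectType() == Opportunity.SObjectType
                ? candidate
                : null;
        } catch (Exception e) {
            // Id.valueOf throws on anything that is not a valid 15/18-character Id.
            return null;
        }
    }

    public PageReference customCancel() {
        Id safeId = toOpportunityId(OptyId);
        if (safeId == null) {
            // Stay on the current page rather than redirect with an unchecked value.
            ApexPages.addMessage(new ApexPages.Message(
                ApexPages.Severity.ERROR, 'Invalid Opportunity Id.'));
            return null;
        }
        // Page.<name> is resolved at compile time, so the destination path
        // cannot be altered by request data.
        PageReference target = Page.FulcrumInlineEdit;
        // put() adds the value as a query parameter; nothing is concatenated into the path.
        target.getParameters().put('id', safeId);
        target.setRedirect(true);
        return target;
    }
}
```

Whether a given scanner stops reporting the method after this change depends on its rules; the point of the sketch is that the redirect target no longer contains unvalidated text.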