Open redirect detected.
- Rule ID: javascript_express_open_redirect
- Languages: javascript
- Source: open_redirect.yml
Description
A redirect using unsanitized user input is bad practice and puts your application at greater risk of phishing attacks.
Remediations
❌ Do not use unsanitized user input when constructing URLs
✅ Instead, ensure the input is validated by using a safe list or a mapping when constructing URLs
var map = {
"1": "/planes",
"2": "/trains",
"3": "/automobiles",
}
res.redirect(map[req.body.transport])