Unsanitized user input in HTML redirect

  • Rule ID: javascript_lang_open_redirect
  • Languages: javascript
  • Source: open_redirect.yml

Description

A redirect using unsanitized user input is bad practice and puts your application at greater risk of phishing attacks.

Remediations

Avoid using redirects and forwards.
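
Where a redirect cannot be removed, one way to constrain it is to accept only same-site paths. The following is an added example, not Bearer's code or part of the rule. APP_ORIGIN, FALLBACK and safeRedirectTarget are assumed names, and the sample inputs are constructed.

```javascript
// Added example. APP_ORIGIN, FALLBACK and safeRedirectTarget are assumed names.
const APP_ORIGIN = "https://app.example.com"; // assumed origin of the application
const FALLBACK = "/";                          // where to go when the input is rejected

// Unsafe pattern: the user-controlled value is used as the destination as-is,
// e.g. window.location.href = params.get("next");

function safeRedirectTarget(userInput) {
  if (typeof userInput !== "string" || userInput.length === 0) return FALLBACK;
  // Reject backslashes and control characters: URL parsers treat "\" as "/" for
  // http(s) URLs and drop tabs/newlines, so "/\host" and "/<TAB>/host" become "//host".
  if (/[\u0000-\u001f\u007f\\]/.test(userInput)) return FALLBACK;
  // Accept only a root-relative path; "//host" is a protocol-relative URL.
  if (!userInput.startsWith("/") || userInput.startsWith("//")) return FALLBACK;
  let resolved;
  try {
    resolved = new URL(userInput, APP_ORIGIN);
  } catch {
    return FALLBACK;
  }
  // Defence in depth: whatever the parser made of it must stay on our origin.
  if (resolved.origin !== APP_ORIGIN) return FALLBACK;
  return resolved.pathname + resolved.search + resolved.hash;
}

// Constructed sample inputs, as they might arrive in a "next" query parameter.
const SAMPLES = [
  "/account/settings?tab=1",
  "https://evil.example/login",
  "//evil.example/login",
  "/\\evil.example/login",
  "javascript:void(0)",
];

function checkSamples() {
  return SAMPLES.map((input) => ({ input, target: safeRedirectTarget(input) }));
}

for (const { input, target } of checkSamples()) {
  console.log(JSON.stringify(input), "->", target);
}
```

Only the first sample keeps its value; every other input falls back to "/".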

Resources

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=javascript_lang_open_redirect

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=javascript_lang_open_redirect