> Besides this, there are many websites that have a redirect script
> somewhere on their website. So the attacker could send the link
> http://www.website.com/redirect?url=/actions/dobadthing which would
> often satisfy that requirement. Your solution also does not address
> such...
> Besides this, there are many websites that have a redirect script
> somewhere on their website. So the attacker could send the link
> http://www.website.com/redirect?url=/actions/dobadthing which would
> often satisfy that requirement. Your solution also does not address
> such...
[ more ]