File tree 1 file changed +6
-5
lines changed
1 file changed +6
-5
lines changed Original file line number Diff line number Diff line change @@ -186,12 +186,11 @@ and ``redirect()`` methods::
186186
187187For more information, see the :doc: `Routing chapter </routing >`.
188188
189- .. tip ::
189+ .. caution ::
190190
191- The ``redirect() `` method does not check it's input. If you use user input
192- directly as it's parameter, you might open up your page to unvalidated
193- redirects and forwards, which is in the OWASP top 10 of web application
194- security flaws. For more information, see https://www.owasp.org/index.php/Open_redirect
191+ The ``redirect() `` method does not check its destination in any way. If you
192+ redirect to some URL provided by the end-users, your application may be open
193+ to the `unvalidated redirects security vulnerability `_.
195194
196195
197196.. tip ::
@@ -571,3 +570,5 @@ Learn more about Controllers
571570 :glob:
572571
573572 controller/*
573+
574+ .. _`unvalidated redirects security vulnerability` : https://www.owasp.org/index.php/Open_redirect
You can’t perform that action at this time.
0 commit comments