From majorpe...@gmail.com on October 26, 2012 06:22:49
What steps will reproduce the problem?
1. Have a simple code that does an isValidRedirectLocation check

What is the expected output? What do you see instead?
The test will almost always fail, simply because the built-in Redirect pattern is defined as:
Could this be enhanced, so instead a real regexp is used?

What version of the product are you using? On what operating system?
Does not matter

Does this issue affect only a specified browser or set of browsers?
No

Please provide any additional information below.
Since the SecurityWrapperResponse is using the Redirect matching rule as well, probably that fails 99% of the cases as well.
Is using "URL" instead of "Redirect" a valid workaround?
Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=289