
Open Redirects

An open redirect occurs when an application redirects the browser to a destination taken from a user-controlled parameter value without validating that value. Prevent open redirects by using hardcoded redirects.

Open redirects are also known as arbitrary or unvalidated redirects. The vulnerability is used in phishing attacks: a link that starts on a trusted domain can be crafted to send the user on to any URL the attacker chooses.

Apex Example

In this function definition, the assignment to the String variable redirect retrieves the redirect URL parameter for the current page. The parameter value is used as-is to build a PageReference, and setRedirect(true) then sends the browser an HTTP redirect to that URL.

public PageReference changepassword(){
   PageReference savePage;
   // Attacker-controlled: read straight from the page URL (?redirect=...)
   String redirect = ApexPages.currentPage().getParameters().get('redirect');
   // Only a missing value is handled; the content of the value is never validated
   redirect = (redirect == NULL) ? '/home/home.jsp' : redirect;
   savePage = new PageReference(redirect);
   // The browser is sent an HTTP redirect to whatever URL the parameter held
   savePage.setRedirect(true);
   return savePage;
}

This <apex:form> Visualforce markup invokes the changepassword action when the Submit button is clicked. Because that action redirects to whatever value arrives in the redirect URL parameter, the package contains an open redirect vulnerability.

<apex:form>
   Redirection action: <apex:inputText value="{!userInput}" />
   <br/><apex:commandButton value="Submit" action="{!changepassword}" />
</apex:form>

Revised Code

Open redirects hand control of the redirect destination to anyone who can craft a link to your page. You can prevent open redirects using multiple strategies. One strategy is to use hardcoded redirects. In a hardcoded redirect, you set the destination explicitly in code and ignore the request parameters entirely, as shown in this example:

public PageReference changepassword(){
   PageReference savePage;
   // Destination is fixed in code; nothing from the request influences it
   savePage = new PageReference('/home/home.jsp');
   savePage.setRedirect(true);
   return savePage;
}
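When the destination legitimately has to vary (for example, returning the user to the page they came from), a second strategy is to keep reading the parameter but to accept it only if it exactly matches an allowlist of known relative paths, falling back to a fixed default otherwise. The following controller and test class are an added example written for this page, not code from the Salesforce documentation; the class name SafeRedirectController, the page paths in the allowlist other than /home/home.jsp, and the test page path /apex/ChangePassword are hypothetical placeholders.

```apex
public with sharing class SafeRedirectController {
    // Allowlist of relative destinations this action may send the user to.
    // Entries other than /home/home.jsp are hypothetical placeholders.
    private static final Set<String> ALLOWED_TARGETS = new Set<String>{
        '/home/home.jsp',
        '/apex/AccountSummary',
        '/apex/ProfileSettings'
    };
    private static final String DEFAULT_TARGET = '/home/home.jsp';

    public PageReference changepassword() {
        // Same untrusted input as the vulnerable version ...
        String requested = ApexPages.currentPage().getParameters().get('redirect');
        // ... but it is resolved through the allowlist before it reaches PageReference
        PageReference savePage = new PageReference(resolveTarget(requested));
        savePage.setRedirect(true);
        return savePage;
    }

    @TestVisible
    private static String resolveTarget(String requested) {
        if (String.isBlank(requested)) {
            return DEFAULT_TARGET;
        }
        // Exact-match comparison only. Absolute URLs (https://...), scheme-relative
        // URLs (//host/...), backslash tricks and path traversal variants are never
        // on the list, so they all collapse to the default instead of being followed.
        return ALLOWED_TARGETS.contains(requested) ? requested : DEFAULT_TARGET;
    }
}

@IsTest
private class SafeRedirectControllerTest {
    // Helper: run changepassword() with a given redirect parameter and return the URL it chose
    private static String redirectFor(String value) {
        Test.setCurrentPage(new PageReference('/apex/ChangePassword')); // hypothetical page path
        ApexPages.currentPage().getParameters().put('redirect', value);
        return new SafeRedirectController().changepassword().getUrl();
    }

    @IsTest
    static void allowlistedPathIsFollowed() {
        System.assertEquals('/apex/AccountSummary', redirectFor('/apex/AccountSummary'));
    }

    @IsTest
    static void externalAndMalformedTargetsFallBackToDefault() {
        System.assertEquals('/home/home.jsp', redirectFor('https://attacker.invalid/login'));
        System.assertEquals('/home/home.jsp', redirectFor('//attacker.invalid/login'));
        System.assertEquals('/home/home.jsp', redirectFor('/home/home.jsp/../../secure/logout.jsp'));
        System.assertEquals('/home/home.jsp', redirectFor(''));
    }
}
```

The design choice is to compare the whole value against the allowlist rather than to check prefixes such as startsWith('/'): a prefix check still accepts scheme-relative values like //attacker.invalid, which browsers resolve to an external host. If you need a larger set of destinations than a static set is comfortable with, keep the same exact-match rule and build the set from the Visualforce pages your package ships, rather than loosening the comparison.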

To learn more about open redirects and how to prevent them in your code, check out the Secure Server-Side Development module on Trailhead.