Rust

Made by DeepSource

Redirect to destination from possibly tainted source RS-S1009

Security
Major
A01 CWE-601 OWASP Top 10

Redirects whose destination is provided by the user or obtained through an external function may point to an invalid location or to a host the attacker chooses (an open redirect, CWE-601). Verify the destination before issuing the redirect.

Bad practice

use actix_web_lab::web as web_lab;

// `dest` comes from the user or an external function and reaches the redirect
// without any validation, so any destination can be supplied.
fn get_redirect(dest: String) -> web_lab::Redirect {
    web_lab::redirect("/".into(), dest) // Unsanitised string `dest`
}
// OR, the equivalent constructor form with the same flaw
fn get_redirect_via_new(dest: String) -> web_lab::Redirect {
    web_lab::Redirect::new("/".into(), dest) // Unsanitised string `dest`
}
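Added example (not part of the DeepSource rule page or of actix-web-lab): a validator that restricts a tainted destination to a same-origin path before it is handed to `Redirect`. The function names `is_safe_local_redirect` and `safe_destination` and the fallback of `/` are assumptions; the policy goes beyond the page's text by also rejecting backslash, control-character and percent-encoded variants of a protocol-relative URL.

```rust
/// Added example (not DeepSource's or actix-web-lab's code): a validator that
/// turns a possibly tainted `dest` into a same-origin redirect target.
/// Policy: accept only absolute paths on this origin ("/account?tab=1");
/// reject anything a browser or proxy could resolve to another host.
pub fn is_safe_local_redirect(dest: &str) -> bool {
    // Must be an absolute path with exactly one leading slash.
    // "//host/path" is a protocol-relative URL and leaves the origin.
    if !dest.starts_with('/') || dest.starts_with("//") {
        return false;
    }
    // Browsers normalise "\" to "/" in the authority position, so "/\host"
    // is also protocol-relative. Control characters and whitespace are
    // rejected to close off header-injection and parser-confusion cases.
    if dest
        .chars()
        .any(|c| c == '\\' || c.is_control() || c.is_whitespace())
    {
        return false;
    }
    // A percent-encoded second slash or backslash ("/%2Fhost", "/%5chost")
    // may be decoded by an intermediary before the browser sees it.
    let lower = dest.to_ascii_lowercase();
    if lower.starts_with("/%2f") || lower.starts_with("/%5c") {
        return false;
    }
    true
}

/// Returns `dest` when it passes the policy, otherwise `fallback`, so the
/// handler always redirects somewhere safe instead of erroring.
pub fn safe_destination(dest: &str, fallback: &str) -> String {
    if is_safe_local_redirect(dest) {
        dest.to_string()
    } else {
        fallback.to_string()
    }
}

// Wiring into the handler from the page (shown as a comment because it
// needs the actix-web-lab crate):
//
// fn get_redirect(dest: String) -> web_lab::Redirect {
//     web_lab::Redirect::new("/", safe_destination(&dest, "/"))
// }
```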
