@taviso If a widely trusted domain can be used to redirect visitors to an untrusted site they didn't intend to visit (phishing or malware host), would you consider that a vulnerability that should be addressed?
Sorry, but I don't think you're going to like my answer. You might be able to convince @sirdarckcat though, depending on context.
-
-
One would think you'd at least filter your open redirects using your own database of known malicious sites.
- 9 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.