The vendor (Google) communicated that "they do not consider open redirects to be a security issue". https://www.google.com/amp/seclists.org/bugtraq/2016/Apr/70 …
-
-
I know, hence +1. I don't get why it's nastier though
-
you said "Looking at the <a href> is not enough" - and with classic OR, yeah, the user has to look at the address bar once
- 4 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.