Pages: 1

#1 2019-12-13 12:12:50

asmirnov
Member
Registered: 2018-06-05

redir parameter in address

Hello

Could you, please, explain address parameter redir?
It looks unsafe to redirect to some page
http://demo.raas.datenwerke.net/ReportS … google.com
or something worse like
http://demo.raas.datenwerke.net/ReportS … nt.cookie)

Can it be disabled in some way?

Offline

#2 2020-05-06 08:11:46

eduardo
Administrator
Registered: 2016-11-01
Website

Re: redir parameter in address

Hi asmirnov,

this seems to be a bug. We will remove this for the next version 3.2.0 and 3.1.0-LTS (RS-4096). I will write here when we remove this.

Regards,
Eduardo

Offline

#3 2020-05-07 14:00:44

eduardo
Administrator
Registered: 2016-11-01
Website

Re: redir parameter in address

Hi asmirnov,

as the "redir" parameter is needed for internal redirection in ReportServer, we didn't completely remove this. But we disabled redirection to external websites and to javascript. This will be available with 3.2.0 and 3.1.0-LTS.

Regards,
Eduardo

Offline

Pages: 1

Board footer

Powered by FluxBB