Skip to content

Relax XSS checks on service URL in CAS issuer

Maxime Besson requested to merge fix-cas-checkxss-2540 into v2.0

see discussion in #2540

I have run some test and I think it is safe to allow percent-encoded characters in CAS redirect URLs, not sure about other use cases, so let's just allow this use case for now

Merge request reports