Relax XSS checks on service URL in CAS issuer
see discussion in #2540
I have run some test and I think it is safe to allow percent-encoded characters in CAS redirect URLs, not sure about other use cases, so let's just allow this use case for now
see discussion in #2540
I have run some test and I think it is safe to allow percent-encoded characters in CAS redirect URLs, not sure about other use cases, so let's just allow this use case for now