[PM-3561] Clean the return url of any whitespace (#3696)

* clean the return url of any whitespace * ReplaceWhiteSpace helper * tests for ReplaceWhiteSpace helper --------- Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2025-07-03 00:52:49 -05:00 · 2024-02-06 13:30:37 -05:00
parent 7c4854f75a
commit fc1d7c7059
3 changed files with 19 additions and 0 deletions
--- a/bitwarden_license/src/Sso/Controllers/AccountController.cs
+++ b/bitwarden_license/src/Sso/Controllers/AccountController.cs
@ -209,6 +209,8 @@ public class AccountController : Controller
            returnUrl = "~/";
        }

+        // Clean the returnUrl
+        returnUrl = CoreHelpers.ReplaceWhiteSpace(returnUrl, string.Empty);
        if (!Url.IsLocalUrl(returnUrl) && !_interaction.IsValidReturnUrl(returnUrl))
        {
            throw new Exception(_i18nService.T("InvalidReturnUrl"));