I am having an issue verifying the Prevent Open Redirect Challenge. The code I put into the VF page is actually working correctly, but the verify is coming back with a standard error message.
 
Also, I happened to notice that the code displayed for the "Force Local Redirects Only" section on the Trailhead page for "Prevent Open Redirects in Your Code" is inconsistent and possibly in error.
 
In the larger code display it shows the line (09) as being
 
           completion.replaceFirst('/','');
 
but in the follow-on description it shows that line of code to be
 
completion.replaceFirst('/+','');
 
And according to the documentation for the replaceFirst method, it returns a string with the desired changes and does not change the target string. That would seem to indicate that the code in the example given in the module content is not going to actually remove any initial '/' from completion.
 
The code I put in the VF page which is working, but not verifying for the "Check Challenge" is
 
              // Strip any leading slashes, then re-add exactly one so the target stays local
              if (finishURL.startsWith('/')) {
                  finishURL = finishURL.replaceFirst('/+', '');
              }
              savePage = new PageReference('/' + finishURL);
 
Can someone tell me what I need to change in order to get past this challenge? I have actually completed all the other challenges for this module so this is holding up my completion of this particular module.
 
Thanks in advance for any assistance!
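
Added example (not part of the original post and not the Trailhead module's code): a side-by-side sketch of the point raised above, that String.replaceFirst returns a new string and leaves its target unchanged. The class name, method names and sample inputs are hypothetical, and the "discarded" variant is reconstructed only from the lines quoted in the post.

```apex
public with sharing class LocalRedirectSketch {

    // Variant matching the quoted line: the return value of replaceFirst
    // is thrown away, so 'completion' still carries its leading slash(es).
    public static String discardedResult(String completion) {
        completion.replaceFirst('/+', '');   // no effect: result not assigned
        return '/' + completion;
    }

    // Variant that assigns the result. '^/+' anchors the pattern to the
    // start of the string, so only leading slashes are removed, then
    // exactly one is prepended to keep the target on the current domain.
    public static String assignedResult(String completion) {
        if (String.isBlank(completion)) {
            return '/';                      // assumed fallback for empty input
        }
        String stripped = completion.replaceFirst('^/+', '');
        return '/' + stripped;
    }

    // Constructed sample inputs; run from Execute Anonymous with
    // LocalRedirectSketch.demo();
    public static void demo() {
        // A normal local path gains a second slash when the result is
        // discarded, which browsers read as a protocol-relative URL.
        System.assertEquals('//apex/Done', discardedResult('/apex/Done'));

        // With the assignment, local paths are preserved as-is...
        System.assertEquals('/apex/Done', assignedResult('/apex/Done'));
        // ...a protocol-relative value is collapsed to a local path...
        System.assertEquals('/example.com/x', assignedResult('//example.com/x'));
        // ...and an absolute URL becomes a (non-existent) local path.
        System.assertEquals('/https://example.com',
                            assignedResult('https://example.com'));

        // The returned string is what would be passed to PageReference.
        PageReference savePage = new PageReference(assignedResult('/apex/Done'));
        System.assertEquals('/apex/Done', savePage.getUrl());
    }
}
```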
I'm currently stuck on the "Learn Standard Open Redirect Preventions" challenge of the "App Logic Vulnerability Prevention" module.

The challenge is to submit a valid open redirect attack starting from the Standard Redirect Protections Challenge tab.

However, the links on this page are all to standard record pages, where the hack (e.g. changing retURL to returl) won't work (it only works on VF pages).

Even if I attempt this and check the challenge, the error I get states: "It doesn't appear that you've successfully redirected to an external website using the Visualforce page. Please try again." - so it implies that it expects me to execute this from a custom VF page.

Can anyone give me some advice on where I'm missing something on the challenge?