Page is a not externally linkable
Kahless - 9:54 pm on Jan 30, 2010 (gmt 0)
I was concerned they could use the url for some nefarious purpose I am not familiar with. So as long as my app is ignoring it I am ok then so something like this is not a concern? test.com?id=233&f=http://www.someothersite.com/dosomething But something like this I still have to 404 and strip <script>bad code</script> I assume? test.com?id=233&f=http://www.othersite.com/dosomething<script>bad code</script>
They can specify all the extra values they like and it'll make no difference - so why 404 it?