This repository has been archived by the owner on Dec 13, 2022. It is now read-only.
encode redirect uri in authorize response
brockallen committed Mar 20, 2018
1 parent 92e0c3e commit 21d0da2
Showing 2 changed files with 5 additions and 3 deletions.
3 changes: 1 addition & 2 deletions src/Host/web.config
@@ -1,5 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>

<!--
Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
Expand All @@ -12,6 +11,6 @@ Licensed under the Apache License, Version 2.0. See LICENSE in the project root
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true" />
<aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="true" startupTimeLimit="3600" requestTimeout="23:00:00" />
</system.webServer>
</configuration>
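Review bot: The `startupTimeLimit="3600"` and `requestTimeout="23:00:00"` attributes on the second `aspNetCore` line (which appears to be the new side) look like a local debugging convenience and are unrelated to the encoding fix this commit is titled for. With a 23-hour request timeout the ASP.NET Core Module keeps waiting on a stalled backend request for most of a day, which removes a cheap guard against connection exhaustion if this host config is ever copied into a deployment. Either keep these values out of the committed file or mark them, for example with `<!-- extended timeouts are for debugger sessions only; restore the defaults before deploying -->` directly above the element.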
5 changes: 4 additions & 1 deletion src/IdentityServer4/Endpoints/Results/AuthorizeResult.cs
Expand Up @@ -15,6 +15,7 @@
using IdentityServer4.Stores;
using IdentityServer4.ResponseHandling;
using Microsoft.AspNetCore.Authentication;
using System.Text.Encodings.Web;

namespace IdentityServer4.Endpoints.Results
{
Expand Down Expand Up @@ -175,7 +176,9 @@ private string GetFormPostHtml()
{
var html = FormPostHtml;

html = html.Replace("{uri}", Response.Request.RedirectUri);
var url = Response.Request.RedirectUri;
url = HtmlEncoder.Default.Encode(url);
html = html.Replace("{uri}", url);
html = html.Replace("{body}", Response.ToNameValueCollection().ToFormPost());

return html;
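Review bot: The two chained `Replace` calls in `GetFormPostHtml` are order-dependent: the `{body}` pass also scans the URL text that the `{uri}` pass has just inserted, and as far as I know `HtmlEncoder.Default` leaves braces untouched, so a redirect URI containing the literal `{body}` would get the form fields spliced into the slot that holds the URL (presumably the form's action attribute; `FormPostHtml` is not visible here). Redirect URIs are presumably matched against the client's registered values before this point, so the exposure is likely small, but substituting `{body}` first and the encoded `{uri}` last means the only text inserted after the markup is the encoded value. A short comment such as `// RedirectUri lands in an HTML attribute of the auto-post form; encode it so it cannot terminate the attribute` would record why the encoder is there, and a regression test with a quote character in the URI would pin the fix. Whether `ToFormPost()` encodes its names and values cannot be seen from this hunk and is worth confirming; the method's closing brace lies outside the hunk.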