Request.UrlReferrer null?

by

UrlReferrer is based off the HTTP_REFERER header that a browser should send. But, as with all things left up to the client, it’s variable.

I know some “security” suites (like Norton’s Internet Security) will strip that header, in the belief that it aids tracking user behavior. Also, I’m sure there’s some Firefox extensions to do the same thing.

Bottom line is that you shouldn’t trust it. Just append the url to the GET string and redirect based off that.

UPDATE: As mentioned in the comments, it is probably a good idea to restrict the redirect from the GET parameter to only work for domain-less relative links, refuse directory patterns (../), etc. So still sanity check the redirect; if you follow the standard “don’t use any user-supplied input blindly” rule you should be safe.

More Related Contents:

  1. The name ‘ConfigurationManager’ does not exist in the current context
  2. How can I embed an application manifest into an application using VS2008?
  3. Display lines number in Stack Trace for .NET assembly in Release mode
  4. Can’t view designer when coding a form in C#
  5. What is the difference between Debug and Release in Visual Studio?
  6. Does C# 8 support the .NET Framework?
  7. Detect target framework version at compile time
  8. How do I create/edit a Manifest file?
  9. Parsing Visual Studio Solution files
  10. Don’t stop debugger at THAT exception when it’s thrown and caught
  11. Combining multiple Attributes to a single Attribute – Merge Attributes
  12. How to debug a referenced dll (having pdb)
  13. Visual Studio build fails: unable to copy exe-file from obj\debug to bin\debug
  14. Determine assembly version during a post-build event
  15. Visual Studio – Resx File default ‘internal’ to ‘public’
  16. Can I set LARGEADDRESSAWARE from within Visual Studio?
  17. Visual Studio 2013 doesn’t discover unit tests
  18. Enable SSL in Visual Studio
  19. No Source available
  20. Is there anyway to #define CONSTANT on a solution basis?
  21. Program and debugger quit without indication of problem
  22. Put WPF control into a Windows Forms Form?
  23. How can we change the background color of all other forms from one form?
  24. Show controls added programmatically in WinForms app in Design view?
  25. Save Settings in VB.Net or C#
  26. Shared AssemblyInfo for uniform versioning across the solution
  27. Symbol file not loading for debugging custom project in Visual Studio 2012
  28. How to create an installer for a .net Windows Service using Visual Studio
  29. Static Linking of libraries created on C# .NET
  30. C# tutorial to write gadgets

Leave a Comment