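/// <summary>
/// Redirects the browser after a successful login to the site-relative path given in the
/// <c>LoginReferer</c> query-string parameter, or to <c>/</c> when that value is missing
/// or is not a plain local path.
/// </summary>
/// <remarks>
/// <c>LoginReferer</c> comes straight from the request and is untrusted. It is only used as
/// the redirect target when it cannot be read as an absolute or protocol-relative URL, so
/// the login page cannot be used to bounce a user to another site (open redirect).
/// If the value changes under <c>htmlEncode()</c> the method returns without redirecting.
/// <c>notNull()</c> and <c>htmlEncode()</c> are project extension methods that are not
/// visible in this block.
/// </remarks>
public void handle_LoginOK()
{
    if (context.Request.notNull() && context.Request.QueryString.notNull())
    {
        var referTarget = "/";                                           // default redirect target
        var loginReferer = context.Request.QueryString["LoginReferer"];  // user-provided redirect (untrusted)

        if (loginReferer.notNull())
        {
            // Collapse repeated slashes until none are left. A single Replace pass is not
            // enough: it can still leave a leading "//", which browsers resolve as a
            // protocol-relative URL pointing at another host.
            while (loginReferer.Contains("//"))
            {
                loginReferer = loginReferer.Replace("//", "/");
            }

            // Reject values carrying HTML-significant characters (no redirect at all).
            if (loginReferer.htmlEncode() != loginReferer)
            {
                return;
            }

            // Only a path that starts with exactly one '/' is accepted. Backslashes are
            // refused because browsers treat '\' like '/', and control characters are
            // refused because browsers drop tabs and line breaks while parsing a URL,
            // which could re-create a leading "//" after this check has run.
            var isPlainLocalPath = loginReferer.Length > 0
                                   && loginReferer[0] == '/'
                                   && loginReferer.IndexOf('\\') < 0;
            for (var i = 0; isPlainLocalPath && i < loginReferer.Length; i++)
            {
                if (char.IsControl(loginReferer[i]))
                {
                    isPlainLocalPath = false;
                }
            }

            if (isPlainLocalPath)
            {
                referTarget = loginReferer;
            }
        }

        context.Response.Redirect(referTarget);
        // Response.Redirect will throw an exception so the current request ends here
    }
}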