&#xfeff;<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="EN" xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN">
<head>
<title> #10 - Non-validated redirects and forwards </title>
<meta name="Generator" content="Author-it" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta name="Keywords" content=""/>
<script language="javascript" type="text/javascript" charset="UTF-8" src="dhtml_toc.js"></script>
<script language="javascript" type="text/javascript" charset="UTF-8" src="open_parent.js"></script>
<script language="javascript" type="text/javascript" charset="UTF-8" src="dhtml_load.js"></script>
<script language="javascript" type="text/javascript" charset="UTF-8" src="dhtml_search.js"></script>
<link rel="stylesheet" type="text/css" href="newwave.css"/>
<link rel="stylesheet" type="text/css" href="index_stylesheet.css"/>
<base target="CONTENT"/>
<script>window.ohcglobal || document.write('<script src="/en/dcommon/js/global.js">\x3C/script>')</script></head>
<body onload="loadParent();;bodyLoad();;;if (isTOCLoaded()) {expand('210301');expand('207420');highlight('207433')}" text="#000000" link="#0000A0" alink="#008000" vlink="#FF0000">
	<div id="searchResultsNone"></div>
	<div id="content" style="padding-bottom: 50px;">
		<table summary="" class="relatedtopics aboveheading" cellpadding="0" cellspacing="0" border="0">
<tr valign="top">
<td width= "18">
<p class="bodytext"><a href="207432.htm" target="_self"><img width="34" height="34" src="125.gif" alt="Previous Topic" vspace="0" hspace="0" align="bottom" border="0" /></a></p></td>
<td width= "18">
<p class="bodytext"><a href="217485.htm" target="_self"><img width="33" height="34" src="124.gif" alt="Next Topic" vspace="0" hspace="0" align="bottom" border="0" /></a></p></td>
<td width= "48">
<p class="bodytext"><a href="javascript:expand('210301');expand('207420');highlight('207433')" onclick="loadTOC()" target="_self"><img width="165" height="27" src="122.gif" alt="Book Contents" vspace="0" hspace="0" align="bottom" border="0" /></a></p></td>
</tr>
</table>
<h3 class="heading3">#10 - Non-validated redirects and forwards</h3>
<p class="bodytext">Clinical Data API responses do not provide URLs to other resources or sub-resources in the representations that are returned. Therefore, the API is not subject to this vulnerability.</p>

		
	</div>
	<div id="feedback"><a href="mailto:inform_doc_feedback_grp@oracle.com?Subject=Comments about the InForm 6.2 Secure Development Guide - #10 - Non-validated redirects and forwards" target="_top"><img width="24" height="108" src="feedback.gif" alt="Send Feedback"></a>
	</div>
	
	<div id="foot">		
			<ul style="padding: 0;">
				<li class="footer" style="padding: 0 7px 0 0;"><a href="217485.htm">Access to Oracle Support</a></li>
				<li class="footer"><a href="http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc" target="_blank">Accessibility</a></li>
				<li class="footer" style="border-right-style: none;"><a href="217488.htm">Legal Notices</a></li>
			</ul>
			<p style="font-size:12px;">Copyright &copy; 2018 Oracle and/or its affiliates. All rights reserved.</p>
	</div>
<noscript>
<p>Scripting on this page enhances content navigation, but does not change the content in any way.</p>
</noscript>
</body>
</html>
<footer>
</footer>
<noscript>
<p>Scripting on this page enhances content navigation, but does not change the content in any way.</p>
</noscript>
<script>$(document).foundation();</script>
</body>
</html>