Talk:Top 10 2010-A10-Unvalidated Redirects and Forwards
I don't understand the technical difference between the 2 scenarios. Q1. The first says '..redirects users...'; the second says '...uses forward to route requests ...'; Are these both 3xx responses?
Q2. If the app uses the parameter value to go to a site relative url, are you saying that is inherently risky because the app may not perform any further validation?