Enforce relative links [Updated in Security Center 1.3 and 1.5]
Use the glide.cms.catalog_uri_relative property to enforce
relative links from the URI parameter on /ess/catalog.do.
The glide.cms.catalog_uri_relative property enforces relative links from the URI parameter on /ess/catalog.do. If glide.cms.catalog_uri_relative is not set to the recommended value of true, the URL is not sanitized with the enforceRelativeURL(url) function. Absolute URLs can pose a security risk when used as part of a parameter or a field value, because they can redirect the source page to an adversary-controlled website.
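The kind of check this property turns on, sketched as an added example (it is not ServiceNow's enforceRelativeURL(url) implementation, which this page does not show): it audits request paths for /ess/catalog.do and flags any whose URI parameter is not a relative link. The parameter name `uri`, the placeholder origin, and the sample request paths are assumptions constructed for illustration.

```javascript
// Added example; not ServiceNow's enforceRelativeURL(url) implementation.
// Assumptions: parameter name "uri", placeholder origin, constructed samples.
const BASE = 'https://instance.invalid';

// True only if the value stays on BASE's origin when a browser resolves it.
function isRelativeTarget(value) {
  if (typeof value !== 'string' || value === '') return false;
  // URL parsers drop tab/CR/LF and treat "\" as "/", so normalise first.
  const v = value.replace(/[\t\r\n]/g, '').trim().replace(/\\/g, '/');
  if (v.startsWith('//')) return false;               // scheme-relative link
  if (/^[a-z][a-z0-9+.-]*:/i.test(v)) return false;   // explicit scheme
  try {
    return new URL(v, BASE).origin === BASE;          // backstop: resolve and compare
  } catch (e) {
    return false;
  }
}

// Return catalog requests whose uri parameter is not a relative link.
function flagCatalogRequests(requestPaths) {
  const flagged = [];
  for (const path of requestPaths) {
    const u = new URL(path, BASE);
    if (u.pathname !== '/ess/catalog.do') continue;
    const target = u.searchParams.get('uri');
    if (target && !isRelativeTarget(target)) flagged.push({ path, target });
  }
  return flagged;
}

// Constructed request paths, as they might appear in an access log.
const SAMPLE_REQUESTS = [
  '/ess/catalog.do?uri=example_page.do%3Fid%3D1',
  '/ess/catalog.do?uri=%2Fess%2Fhome.do',
  '/ess/catalog.do?uri=https%3A%2F%2Fother.invalid%2Flogin',
  '/ess/catalog.do?uri=%2F%2Fother.invalid%2F',
  '/ess/catalog.do?uri=%5C%5Cother.invalid',
  '/other.do?uri=https%3A%2F%2Fother.invalid',
];

for (const hit of flagCatalogRequests(SAMPLE_REQUESTS)) {
  console.log('absolute target on catalog page:', hit.target);
}
```

Running a check like this over historical request logs before setting the property to true also shows which existing external links will break.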
More information
| Attribute | Description |
|---|---|
| Property name | glide.cms.catalog_uri_relative |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Validation, sanitization, and encoding |
| Purpose | To restrict attempts to link to unauthorized external content. |
| Recommended value | true |
| Default value | false |
| Security risk rating | 2.6 |
| Functional impact | This remediation enforces validation on the Catalog page so that only relative URLs are permitted. Existing links to external web applications become broken. |
| Security risk | (High) Absolute URLs can pose a security risk when used as part of a parameter or a field value, because they can redirect the source page to an adversary-controlled website. |
To learn more about adding or creating a system property, see Add a system property.