/// <summary> /// 防止开发重定向,篡改returnurl /// </summary> /// <param name="request"></param> /// <param name="url"></param> /// <returns></returns> private static bool IsLocalUrl(string url) { if (string.IsNullOrEmpty(url)) { return false; } Uri absoluteUri; if (Uri.TryCreate(url, UriKind.Absolute, out absoluteUri)) { return String.Equals(HttpContext.Current.Request.Url.Host, absoluteUri.Host, StringComparison.OrdinalIgnoreCase); } else { bool isLocal = !url.StartsWith("http:", StringComparison.OrdinalIgnoreCase) && !url.StartsWith("https:", StringComparison.OrdinalIgnoreCase) && Uri.IsWellFormedUriString(url, UriKind.Relative); return isLocal; } }
posted on
