System Information
- 4.22:
Hi,
Wanted some opinions on a potential security flaw/exploit. Let me preface this by saying I am not a high-end developer, sysop or infrastructure engineer. I am doing UAT on a new Strapi/Next site.
The site has a deep category structure. Each level contains a number of items, similar to a traditional ecommerce site but with bespoke product/items.
The scenario is:
URL= /cat1/cat2/item
Add to the end of the URL: /cat1/cat2/item/www.google.com/
When you push this, it reloads the page. It takes a second to reload the items; no 404 as expected, but interestingly it adds the www.google.com as a breadcrumb.
Main concerns are around malicious intent: sending bad site links to that URL despite the fact we have no related content.
Would anyone agree?
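
One way to close off the behaviour described in the post, as an added example that is not part of the original post or the site's code: resolve every URL segment against the known category tree, return a 404 when any segment is unknown, and build breadcrumb labels from stored titles rather than from the URL. The tree contents, `resolvePath`, and the `[...slug]` catch-all route in the Next.js pages router are assumptions.

```javascript
// Constructed sample tree standing in for categories/items loaded from the CMS.
const CATEGORY_TREE = {
  cat1: {
    title: "Category 1",
    children: {
      cat2: { title: "Category 2", items: { item: { title: "Item" } } },
    },
  },
};

// Conservative slug shape: rejects dots, slashes, schemes, encoded characters.
const SLUG = /^[a-z0-9-]+$/;

// Own-property lookup so segments like "constructor" never hit the prototype.
const own = (obj, key) =>
  obj && Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;

// Returns breadcrumbs for a fully known path, or null if ANY segment is
// unknown, malformed, or trails after an item (items are leaves).
function resolvePath(segments, tree = CATEGORY_TREE) {
  if (!Array.isArray(segments) || segments.length === 0) return null;
  const crumbs = [];
  let node = { children: tree };
  let href = "";
  for (const [i, seg] of segments.entries()) {
    if (typeof seg !== "string" || !SLUG.test(seg)) return null;
    const category = own(node.children, seg);
    const item = own(node.items, seg);
    if (category) {
      node = category;
    } else if (item && i === segments.length - 1) {
      node = item;
    } else {
      return null;
    }
    href += "/" + seg;
    // Label comes from stored data, never from the raw URL segment.
    crumbs.push({ label: node.title, href });
  }
  return crumbs;
}

// Handler for the assumed pages/[...slug].js catch-all route.
async function getServerSideProps({ params }) {
  const breadcrumbs = resolvePath(params.slug);
  if (!breadcrumbs) return { notFound: true }; // Next.js serves its 404 page
  return { props: { breadcrumbs } };
}
```

With this in place, `/cat1/cat2/item/www.google.com/` yields a 404 instead of a page whose breadcrumb echoes the appended segment.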