Section
3.3.4
Top Level
General
Any forwards generated by your site should only be allowed to target specific locations. Ensure that any forward destination is an authorized location.
Java

Any forwards generated by your site should only be allowed to target specific locations. Ensure that any forward destination is an authorized location. Check all calls to RequestDispatcher.forward(request, response).
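
One way to keep forward destinations to an authorized set, shown as an added example that is not part of the original guide: the request supplies only a key, and the server maps it to a fixed path before calling forward. The servlet name, the "view" parameter, the JSP paths and the use of the javax.servlet API (Java 9 or later for Map.of) are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: class name, parameter name and JSP paths are illustrative.
public class ForwardServlet extends HttpServlet {

    // Allow-list: the request only ever selects a key; the server owns the paths.
    private static final Map<String, String> FORWARD_TARGETS = Map.of(
            "home", "/WEB-INF/views/home.jsp",
            "profile", "/WEB-INF/views/profile.jsp",
            "help", "/WEB-INF/views/help.jsp");

    private static final String DEFAULT_KEY = "home";

    /** Returns the authorized path for a key, or null when the key is not allow-listed. */
    static String resolveForward(String key) {
        if (key == null || key.isEmpty()) {
            return FORWARD_TARGETS.get(DEFAULT_KEY);
        }
        return FORWARD_TARGETS.get(key);
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String key = request.getParameter("view");

        // Pattern to flag in review: the request value is used as the dispatcher
        // path itself, so the caller chooses the forward destination.
        //   request.getRequestDispatcher(request.getParameter("view")).forward(request, response);

        String target = resolveForward(key);
        if (target == null) {
            // Unknown key: refuse instead of falling back to the supplied value.
            // Only the length is logged so the raw value never reaches the log.
            log("Rejected forward key (length " + key.length() + ")");
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        request.getRequestDispatcher(target).forward(request, response);
    }
}
```

During review, each forward call found should trace back to a constant or to a lookup like resolveForward, never directly to request data.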