GHSA-R85G-7JPV-8XRX silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL

In follow up to SS-2016-001 there is yet a minor unresolved fix to incorrectly encoded URL...