Uber: XSS in uber oauth
Hi , I have found that when setting a redirecturi for an application you validate for the presence of :// in the beginning of the url , but you don't validate for the protocol and you don't block malicious protocols such as javascript: pseudo protocol and data: URIs. Although the redirecting is...