HTTP Redirects
One of the most common vulnerabilities, and one largely overlooked by web developers, is Open Redirect (also known as “Unvalidated Redirects and Forwards”). A website is vulnerable to Open Redirect when parameter values (the portion of the URL after “?”) in an HTTP GET request can carry information that redirects a user to a new website without any validation of the redirect target.
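The missing validation described above, shown next to one way to add it. This is an added example, not code from the original page; the function names, the allow-listed hosts and the fallback path are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: hosts the site may redirect to, and a fallback page.
ALLOWED_HOSTS = frozenset({"www.example.com", "accounts.example.com"})
FALLBACK = "/"


def naive_redirect_target(value):
    """Vulnerable pattern from the text: the parameter value is used unvalidated."""
    return value


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return value only if it is a same-site path or an allow-listed https URL."""
    if not value or value != value.strip():
        return fallback
    # Browsers read "\" as "/" and drop control characters, so a parser and a
    # browser can disagree about the host; reject such values outright.
    if "\\" in value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return fallback
    try:
        parts = urlsplit(value)
    except ValueError:
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a path with exactly one leading slash
        # ("//host" is scheme-relative and would leave the site).
        if value.startswith("/") and not value.startswith("//"):
            return value
        return fallback
    # Absolute URL: https only, no userinfo, host must be on the allow-list.
    if (parts.scheme == "https" and parts.username is None
            and parts.password is None and parts.hostname in allowed_hosts):
        return value
    return fallback


if __name__ == "__main__":
    # Constructed sample values for the redirect parameter.
    for sample in ("/account/settings", "https://accounts.example.com/login",
                   "https://other.example/", "//other.example/login"):
        print(f"{sample!r:40} naive -> {naive_redirect_target(sample)!r:40} "
              f"checked -> {safe_redirect_target(sample)!r}")
```

A handler would pass the raw parameter value through `safe_redirect_target` before setting the `Location` header, so anything that fails validation lands on the fallback page instead of an external site.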