We're reviewing our recent security scans and we had a red flag on the usage of ":redirect" in our forms. It's being flagged as a potential attack vector as you can set this to any url. So knowing that these reports are indicators of potential problems and not always valid. I wanted to get some clarity from the sling user base to whether they have seen this before, is there a setting that I am missing? Or do I need to do some additional to prevent this from being an issue? Etc.
Thanks -Jason Bailey
