FAQ-001227 - Marketing Cloud Security / Package Installation and URLs


Current FAQ

Question
What are the security considerations for handling redirects across different Marketing Cloud stacks?
Answer
To handle redirects across different Marketing Cloud stacks securely:

- **Validate Redirect Parameters**: Ensure all redirect parameters are trusted and within the intended domain.
- **Avoid Untrusted Data**: Do not use untrusted data for redirection to prevent open redirect vulnerabilities.
- **Implement Validation Mechanisms**: Ensure redirect URLs are alphanumeric and conform to the expected format.
- **Protect Sensitive Information**: Make sure sensitive data, like client secrets, is not exposed during redirection.

Following these practices helps mitigate security risks associated with redirects.

AI Recommended Enhancement

Related Security Rules
ApexOpenRedirect
Question
What are the security considerations for handling redirects across different Marketing Cloud stacks?
Recommended Answer Update
To handle redirects across different Marketing Cloud stacks securely:

- **Validate Redirect Parameters**: Ensure all redirect parameters are trusted and within the intended domain.
- **Avoid Untrusted Data**: Don't use untrusted data for redirection to prevent open redirect vulnerabilities.
- **Implement Validation Mechanisms**: Use allowlists of trusted domains and validate that redirect URLs conform to expected patterns.
- **Protect Sensitive Information**: Make sure sensitive data, like client secrets, isn't exposed during redirection.

Following these practices helps mitigate security risks associated with redirects.
Reasoning
The existing FAQ content covers redirect security well but has minor wording improvements that make it clearer and more actionable. Changed 'Ensure redirect URLs are alphanumeric and conform to the expected format' to 'Use allowlists of trusted domains and validate that redirect URLs conform to expected patterns' because alphanumeric validation alone is insufficient for URL security; proper domain allowlisting is the recommended approach. Changed 'Do not use' to 'Don't use' and 'is not exposed' to 'isn't exposed' to follow the conversational tone guidelines. The ApexOpenRedirect rule is directly relevant because this FAQ discusses preventing open redirect vulnerabilities, which is exactly what that rule detects. The FAQ's advice about validating redirect parameters, avoiding untrusted data for redirection, and implementing validation mechanisms all directly relate to preventing the open redirect security issues that the ApexOpenRedirect rule identifies.