Warn user about open redirects

Pascal de Vink · xabbuh · commit 4a4a5fac6b37 · 2016-11-22T21:25:31.000+01:00
diff --git a/controller.rst b/controller.rst
@@ -186,6 +186,14 @@ and ``redirect()`` methods::
 
 For more information, see the :doc:`Routing chapter </routing>`.
 
+.. tip::
+
+    The ``redirect()`` method does not check it's input. If you use user input 
+    directly as it's parameter, you might open up your page to unvalidated 
+    redirects and forwards, which is in the OWASP top 10 of web application 
+    security flaws. For more information, see https://www.owasp.org/index.php/Open_redirect
+
+
 .. tip::
 
     The ``redirectToRoute()`` method is simply a shortcut that creates a
