From 7e8e8a17c7b8896d3dc02a821f9fbf1b26b03876 Mon Sep 17 00:00:00 2001
From: asha15 <165079T@uom.lk>
Date: Mon, 11 Mar 2024 11:37:59 +0530
Subject: [PATCH] encode callbackurl

---
 .../webapp/self-registration-with-verification-confirm.jsp     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/identity-apps-core/apps/recovery-portal/src/main/webapp/self-registration-with-verification-confirm.jsp b/identity-apps-core/apps/recovery-portal/src/main/webapp/self-registration-with-verification-confirm.jsp
index 7734a3a71c2..ab6ab44f2da 100644
--- a/identity-apps-core/apps/recovery-portal/src/main/webapp/self-registration-with-verification-confirm.jsp
+++ b/identity-apps-core/apps/recovery-portal/src/main/webapp/self-registration-with-verification-confirm.jsp
@@ -39,6 +39,7 @@
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.model.User" %>
 <%@ page import="org.wso2.carbon.identity.recovery.util.Utils" %>
 <%@ page import="org.wso2.carbon.core.util.SignatureUtil" %>
+<%@ page import="org.owasp.encoder.Encode" %>
 <%@ page import="javax.servlet.http.Cookie" %>
 <%@ page import="java.util.Base64" %>
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.PreferenceRetrievalClientException" %>
@@ -59,7 +60,7 @@
     String applicationAccessUrl = "";
 
     String confirmationKey = request.getParameter("confirmation");
-    String callback = request.getParameter("callback");
+    String callback = Encode.forJava(request.getParameter("callback"));
     String httpMethod = request.getMethod();
     String sp = Encode.forJava(request.getParameter("sp"));
     PreferenceRetrievalClient preferenceRetrievalClient = new PreferenceRetrievalClient();