Vulnerability in EPiServer.Forms
We have an issue with one of our environment that urlResolver.GetUrl(pageLink) returns https://xx.dk/ttps:/xx.dk/toppage/yy-page, which causes problems for our customers when one page redirects to another page, it happens randomly so this doesn't happen everytime.
In another example when the publish event is called the absolute URI is returned
Here urlResolver.GetUrl(xx) returns absolute URL all the times on only one environment, but not on other envirnments -> new Uri(BaseUrl + urlResolver.GetUrl(xx))
Any input would be appreciated
private static void ContentEventsOnPublishedContent(object sender, ContentEventArgs contentEventArgs)
if (!(contentEventArgs.ContentLink is PageReference)) return;
var urlResolver = _urlResolver.Service;
using (var test = new XX())
test.Crawl(new Uri(BaseUrl + urlResolver.GetUrl(contentEventArgs.ContentLink));
catch (Exception e)
Logger.Error("Error during publish of page", e);
This is normally due to host settings in admin if I remember correctly. Make sure you have correct domain etc configured for the website.
If these are not correct you will have issues when changing language in edit (which uses this) and UrlResolver (especially when no HttpContext is available like in scheduled jobs)
The URL format depends on the context - is there an http context available, are you trying to resolve an URL to a page on another site (given you a multi-site setup), your website + host settings, etc.
You can pass in arguments to the resolver and enforce an absolute URL, then parse it as an URI. Then you can decide how you want to use that URI, e.g. if you just want to use the path component of it.
Thanks a lot for the responses.
We have double binding in IIS https://xx.dk & https://www.xx.dk
In EPiServer admin config URL is set to "https://xx.dk/" & Host names is set to ->
We are gettting this type of URL when some page is publised : https://www.xx.dkhttps/xx.dk/parentPage1/parentPage2/test/
I found the issue, it was our Rely Party URL (ADFS login) which contained www now we have changed it to https://xx.dk and it works fine.