Index: openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl,v
diff -u -N -r1.189.2.103 -r1.189.2.104
--- openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl	7 Oct 2021 11:07:50 -0000	1.189.2.103
+++ openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl	4 Nov 2021 16:11:28 -0000	1.189.2.104
@@ -235,11 +235,20 @@
 ad_proc -public util::get_referrer {
     -relative:boolean
+    -trusted:boolean
 } {
     @return referrer from the request headers.
     @param relative return the refer without protocol and host
 } {
     set url [ns_set iget [ns_conn headers] Referer]
+    #
+    # Don't return untrusted header field when -trusted was
+    # specified. An attacker might to sneak in e.g. a JavaScript URL.
+    #
+    if { $trusted_p && [util::external_url_p $url]} {
+        ns_log warning "someone tried to sneak in an untrusted referrer '$url'"
+        set url ""
+    }
     if {$relative_p} {
         # In case the referrer URL has a protocol and host remove it
         regexp {^[a-z]+://[^/]+(/.*)$} $url . url