From dda3124419a5e7572ff38e8f090f9c6a2b239e54 Mon Sep 17 00:00:00 2001
From: ase-101
Date: Mon, 23 Dec 2024 17:10:41 +0530
Subject: [PATCH] ES-1975
Signed-off-by: ase-101
---
 .../io/mosip/esignet/services/AuthorizationServiceImpl.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationServiceImpl.java b/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationServiceImpl.java
index 1113638ea..f7f826bd4 100644
--- a/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationServiceImpl.java
+++ b/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationServiceImpl.java
@@ -341,12 +341,11 @@ public CompleteSignupRedirectResponse completeSignupRedirect(CompleteSignupRedir
 }
 //As pathFragment is included in the response header, we should sanitize the input to mitigate
- //response splitting vulnerability
+ //response splitting vulnerability. Removed all whitespace characters
 private String sanitizePathFragment(String pathFragment) {
- return pathFragment.replaceAll("[\r\n]", "");
+ return pathFragment.replaceAll("\\s", "");
 }
-
 private OIDCTransaction authenticate(AuthRequest authRequest, boolean checkConsentAction, HttpServletRequest httpServletRequest) {
 OIDCTransaction transaction = cacheUtilService.getPreAuthTransaction(authRequest.getTransactionId());
 if(transaction == null)
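Review bot: `sanitizePathFragment` is still a denylist: in Java, `\s` without `UNICODE_CHARACTER_CLASS` matches only `[ \t\n\x0B\f\r]`, so other control characters (NUL, the rest of C0, DEL) pass into the header value unchanged. Since the comment says the fragment is written to a response header, I would strip control characters as well, `return pathFragment.replaceAll("[\\s\\p{Cntrl}]", "");`, or preferably validate against an allowlist of the characters a path fragment may contain and reject anything else. The call sites are outside this hunk, so whether `pathFragment` can be null or is percent-decoded after this point cannot be confirmed from here; both are worth checking. The comment would also read better as a description of the behaviour than as a change note, e.g. `//response splitting vulnerability. All whitespace characters are stripped.`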