I've searched every forum and tutorial I can think of and no one has discussed or described this.
ScanAlert objects to the "redirect" statement in our forms, which sends the customer to a "Thank You" page on the site. They claim the redirect statement makes it possible for hackers to insert additional URLs of their choosing and set up a phishing scheme. Their solution is for me to set up a whitelist, containing the pages for which the redirect is valid, to prevent it. The problem is I have no idea how to set up this whitelist or how to use it. Has anyone done this? We're using simple Formmail, with basic forms that collect only contact information. They're going to pull the HackerSafe logo if I don't fix it, so I'd appreciate any help I can get.