wso2 · KD23243 · Jan 8, 2025 · Jan 8, 2025 · Jan 8, 2025
diff --git a/.changeset/short-grapes-attack.md b/.changeset/short-grapes-attack.md
@@ -0,0 +1,5 @@
+---
+"@wso2is/identity-apps-core": major
+---
+
+Revert callback validation logic
diff --git a/...ity-apps-core/apps/recovery-portal/src/main/webapp/self-registration-username-request.jsp b/...ity-apps-core/apps/recovery-portal/src/main/webapp/self-registration-username-request.jsp
@@ -27,9 +27,6 @@
 <%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.AuthenticationEndpointUtil" %>
 <%@ page import="static org.wso2.carbon.identity.application.authentication.endpoint.util.Constants.STATUS" %>
 <%@ page import="static org.wso2.carbon.identity.application.authentication.endpoint.util.Constants.STATUS_MSG" %>
-<%@ page import="org.wso2.carbon.identity.recovery.IdentityRecoveryConstants" %>
-<%@ page import="org.wso2.carbon.identity.recovery.util.Utils" %>
-<%@ page import="org.wso2.carbon.identity.base.IdentityRuntimeException" %>
 <%@ page import="org.wso2.carbon.identity.application.authentication.endpoint.util.Constants" %>
 <%@ page import="org.wso2.carbon.identity.captcha.util.CaptchaUtil" %>
 <%@ page import="org.wso2.carbon.identity.core.URLBuilderException" %>
@@ -307,22 +304,6 @@
         consentPurposeGroupName = "JIT";
     }
 
-    try {
-        if (StringUtils.isNotBlank(callback) && !Utils.validateCallbackURL(callback, tenantDomain,
-            IdentityRecoveryConstants.ConnectorConfig.SELF_REGISTRATION_CALLBACK_REGEX)) {
-            request.setAttribute("error", true);
-            request.setAttribute("errorMsg", IdentityManagementEndpointUtil.i18n(recoveryResourceBundle,
-                "Callback.url.format.invalid"));
-            request.getRequestDispatcher("error.jsp").forward(request, response);
-            return;
-        }
-    } catch (IdentityRuntimeException e) {
-        request.setAttribute("error", true);
-        request.setAttribute("errorMsg", e.getMessage());
-        request.getRequestDispatcher("error.jsp").forward(request, response);
-        return;
-    }
-
     if (StringUtils.isBlank(callback) || StringUtils.equalsIgnoreCase(callback, "null")) {
         callback = Encode.forHtmlAttribute(IdentityManagementEndpointUtil.getUserPortalUrl(
                 application.getInitParameter(IdentityManagementEndpointConstants.ConfigConstants.USER_PORTAL_URL), tenantDomain));
@@ -762,7 +743,7 @@
                             <div class="field external-link-container text-small">
                                 <%=IdentityManagementEndpointUtil.i18n(recoveryResourceBundle,
                                         "Already.have.an.account")%>
-                                <a href="<%= StringEscapeUtils.escapeHtml4(backToUrl) %>">
+                                <a href="<%=backToUrl%>">
                                     <%=IdentityManagementEndpointUtil.i18n(recoveryResourceBundle, "Sign.in")%>
                                 </a>
                             </div>