Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/integration/security/Attic/SsoHandler.java,v
diff -u -r1.1.2.10 -r1.1.2.11
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java 20 Oct 2015 10:41:37 -0000 1.1.2.10
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java 20 Oct 2015 17:24:17 -0000 1.1.2.11
@@ -34,7 +34,6 @@
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import org.apache.commons.lang.StringUtils;
@@ -81,16 +80,9 @@
 	// LoginRequestServlet (integrations) and LoginAsAction (sysadmin) set this parameter
 	String redirectURL = request.getParameter("redirectURL");
 	if (!StringUtils.isBlank(redirectURL)) {
-	    // prevent XSS attack
-	    if (redirectURL.contains("<")) {
-		HttpServletResponse response = (HttpServletResponse) context.getServletResponse();
-		response.sendError(HttpServletResponse.SC_BAD_REQUEST,
-			"redirectURL parameter contains HTML tags");
-		return;
-	    }
 	    SsoHandler.handleRedirectBack(context, redirectURL);
 	}
-
+
 	/* Fetch UserDTO before completing request so putting it later in session is done ASAP
 	 * Response is sent in another thread and if UserDTO is not present in session when browser completes redirect,
 	 * it results in error. Winning this race is the easiest option.
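Review bot: In the second hunk the `redirectURL` request parameter now flows from `request.getParameter` straight into `SsoHandler.handleRedirectBack` with no validation visible here, so unless `handleRedirectBack` (outside the hunk) restricts the target to a relative path or a known host, this SSO entry point is an open redirect for any crafted login link. The removed `contains("<")` check never addressed that — it only looked for markup, not for a foreign destination — so dropping it is fine only if the target check lives elsewhere; either say so with a comment such as `// redirectURL must be checked as same-site inside handleRedirectBack` or guard the call here. A minimal guard that also rejects protocol-relative values like `//host/path` is `URI target = URI.create(redirectURL);` followed by `if (target.getScheme() == null && target.getHost() == null) { SsoHandler.handleRedirectBack(context, redirectURL); }`, with the `IllegalArgumentException` from `URI.create` on malformed input being a reasonable reject as well. The enclosing method, which uses `context` and `request`, starts and ends outside the hunk, so I cannot confirm whether a check already exists elsewhere in it.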