Как предотвратить открытые атаки перенаправления?

Observation
            Un-validated Redirect: The login form is vulnerable to un-validated redirect attacks:
 
Affected URLs: https://example.com/login.aspx?returnURL=https://www.attacker.com 

Impact 
          By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Recomendation
          Whitelist the redirect URLs and prevent redirection outside parent domain. 

i dont know what is the problem is that.and what they saying.

My understading  is
if login the application that redirect another un- validated page.
 
How to fix it what is the problem is that