Login pages tend to take a parameter for redirecting back to a page
	    after successful login, e.g. /login?next=/notebooks/mynotebook.ipynb, so
	    that you aren't disrupted too much if you try to visit a page, but have
	    to authenticate first. An Open Redirect Vulnerability is when a
	    malicious person crafts a link pointing to the login page of a trusted
	    site, but setting the "redirect after successful login" parameter to
	    send the user to their own site, instead of a page on the authenticated
	    site (the notebook or JupyterHub server), e.g.
	    /login?next=http://badwebsite.biz. This doesn't necessarily compromise
	    anything immediately, but it enables phishing if users don't notice
	    that the domain has changed, e.g. by showing a fake "re-enter your
	    password" page. Servers generally have to validate the redirect URL to
	    avoid this. Both JupyterHub and Notebook already do this, but the
	    validation didn't take into account all possible ways to redirect to
	    other sites, so some malicious URLs could still be crafted to redirect
	    away from the server (the above example does not work in any recent
	    version of either package). Only certain browsers (Chrome and Firefox,
	    not Safari) could be redirected from the JupyterHub login page, but all
	    browsers could be redirected away from a standalone notebook server.