Possible security issue: Malicious redirect on form with embedded form