I have this URL that I sometimes use to redirect my users. It looks like:
https://mywebsite.com/?redirectTo=
However, I'm checking if the domain part of the parameter ends with:
google.com
mydomains.com
and some other domains I consider valid.
So. Can someone can and hack my website if I have those checks in place?