Malicious HTML content could be injected into the page pretix shows when
redirection to an untrusted page occurs. Since this page has a
Content-Security-Policy, this can mainly be used for phishing purposes.