Some possible implementations of this expose an open redirect (e.g., by passing returnURI=<something> where <something> can be anything). An open redirect here isn't necessarily inherently dangerous, but the minor inconvenience we'd avoid probably isn't worth the security risk.

(With Phurl, I think local redirects are now less safe than they once were and approximately as powerful as remote redirects; it's possible we may want to lock down next on login at some point.)

We could sign the returnURI with a session-specific secret and redirect only in the presence of a valid signature, although this is complex.

We can probably make this particular bubble use workflow so the dialog pops up on the same page, then have the server issue a ReloadResponse. This is probably the best solution, but requires JS.

Approximate implementation is:

• Get the workflow sigil onto the bubble, maybe with JX.Stratcom.addSigil(...) in the bubble rendering bit.
• Things maybe just work from there, as if by magic?
• Or maybe the click handler needs to know to invoke JX.Workflow some of the time.