Use wp_safe_redirect(). No need to allow offsite redirects.

git-svn-id: http://svn.automattic.com/wordpress/branches/3.3@20486 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-comments-post.php

@@ -100,6 +100,6 @@ if ( !$user->ID ) {
 $location = empty($_POST['redirect_to']) ? get_comment_link($comment_id) : $_POST['redirect_to'] . '#comment-' . $comment_id;
 $location = apply_filters('comment_post_redirect', $location, $comment);
 
-wp_redirect($location);
+wp_safe_redirect( $location );
 exit;
 ?>