You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add safe redirect path helpers and reject protocol-relative or backslash-based redirect targets before appending redirect parameters.
Tested: pnpm run lint && pnpm run typecheck && pnpm test tests/url.test.ts
`Invalid redirect path: "${redirectPath}". Redirect paths must be absolute paths starting with '/'.`,
18
-
);
19
-
}
15
+
// eslint-disable-next-line style/max-len
16
+
if(!isSafeRedirectPath(redirectPath))thrownewError(`Invalid redirect path: "${redirectPath}". Redirect paths must be safe same-origin paths starting with '/'.`);
0 commit comments