Just asking
Answered by
franky47
Oct 25, 2024
If you mean "does it protect you from doing things like this":

```ts
const [redirect] = useQueryState('redirect')
const router = useRouter()
useEffect(() => {
  router.replace(redirect)
}, [redirect])
```

Then no. A little userland logic is needed to prevent XSS. This can (and probably should) be done in a parser:

```ts
const redirectParser = createParser({
  parse(query) {
    // Very basic check
    if (query.startsWith('/') === false) {
      return null // Possible XSS
    }
    return query
  },
  serialize(value) { return value }
})
function useRedirect() {
  const [redirect] = useQueryState('redirect', redirectParser.withDefault('/'))
  return redirect
}
```
Answer selected by
franky47
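
A stricter variant of the "very basic check" in the answer above, written as an added example (not code from the answer or from the nuqs project). It also rejects values such as `//host` and `/\host`, which start with `/` but resolve to another origin, and it could be passed as the `parse` function to `createParser`. The names `parseRedirect` and `BASE` and the sample inputs are assumptions made for this example.

```javascript
// Added example: same-origin validation for a `redirect` query value.
// BASE is a placeholder origin, used only to resolve relative paths.
const BASE = 'https://app.invalid'

function parseRedirect(query) {
  if (typeof query !== 'string' || query.length === 0) return null
  // URL parsers drop tabs/newlines and treat "\" like "/", so a value
  // can look like a path and still resolve elsewhere. Reject them up front.
  if (/[\u0000-\u001f\u007f\\]/.test(query)) return null
  // Require a single-slash absolute path: "/x" passes, "//host" does not.
  if (!query.startsWith('/') || query.startsWith('//')) return null
  let url
  try {
    url = new URL(query, BASE)
  } catch {
    return null // Not parseable as a URL at all
  }
  // After resolution the value must still be on the placeholder origin.
  if (url.origin !== BASE) return null
  // Return only the normalised path, query string and fragment.
  return url.pathname + url.search + url.hash
}

// Constructed sample inputs, one per case the checks above handle.
const samples = [
  '/dashboard?tab=1#top', // kept as-is
  '/a/../b',              // kept, normalised to "/b"
  '//example.org/x',      // protocol-relative URL
  '/\\example.org',       // backslash read as a slash by URL parsers
  '/\t/example.org',      // control character stripped by URL parsers
  'https://example.org/', // absolute URL
  'javascript:void(0)',   // non-http scheme
]

function checkSamples() {
  return samples.map((s) => [s, parseRedirect(s)])
}

for (const [input, result] of checkSamples()) {
  console.log(JSON.stringify(input), '=>', result)
}
```

A `null` result makes the parser fall back to the default given to `withDefault`, so rejected values end up as `/` in the `useRedirect` hook from the answer.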