Security: Could Sveltekit please expose a function, to check if a string is a valid routable route in the app #13565
alexbjorlig
started this conversation in
Ideas
Replies: 1 comment
-
I'd love to know the reason why the validation is needed in your example
-
The Problem
I need to determine whether a given string, such as tenantname/abc/fge, matches one of the valid routes in our app. The challenge is to correctly interpret the dynamic segments (e.g., [tenant=org_slug]) and validate if the input string aligns with the defined route pattern.

Expected Behavior
tenantname/abc/fge, the system should confirm if it corresponds to a valid SvelteKit route (e.g., /app/[tenant=org_slug]/abc/fge).
redirect_uris, ensuring robust and secure validation is critical.

Implementation Ideas
Convert Route Patterns to Regular Expressions:
Transform SvelteKit route patterns into regular expressions. For example, convert [tenant=org_slug] into a regex pattern that matches valid tenant names.
Pre-generate Route Mappings:
Consider generating a mapping of all valid route patterns at build time from route_meta_data.json. This mapping can then be used at runtime to efficiently validate redirect_uris.
Validation Function:
Create a function that iterates over the list of valid route patterns (or regexes) and checks if the provided redirect_uri matches any of them.
Error Handling:
Ensure that the function provides clear feedback when a redirect_uri is not valid, possibly logging or handling errors in a way that prevents misuse or security issues.

Discussion Points
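The implementation ideas in the post above (route patterns compiled to regexes, a pre-built list, a validation function that fails closed), sketched as an added example that is not code from the post or from SvelteKit. The route ids, the org_slug matcher and the names compileRoute and validateRedirect are assumptions; only [name], [name=matcher], [...rest] and (group) segments are handled, and redirect_uri is assumed to be a site-relative path beginning with "/".

```javascript
// Constructed sample data: route ids in SvelteKit's syntax and a hypothetical matcher.
const ROUTE_IDS = [
  '/(auth)/login',
  '/app/[tenant=org_slug]/abc/fge',
  '/app/[tenant=org_slug]/docs/[...path]',
];
const MATCHERS = { org_slug: (v) => /^[a-z0-9][a-z0-9-]{1,38}$/.test(v) };

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Compile a route id into a regex plus the matcher name for each capture group.
function compileRoute(id) {
  const matchers = [];
  const body = id.split('/')
    .filter((seg) => seg && !/^\(.+\)$/.test(seg)) // (groups) do not appear in URLs
    .map((seg) => {
      const m = /^\[(\.\.\.)?([A-Za-z_]\w*)(?:=([A-Za-z_]\w*))?\]$/.exec(seg);
      if (m) { matchers.push(m[3]); return m[1] ? '(?:/(.*))?' : '/([^/]+)'; }
      if (/[\[\]]/.test(seg)) throw new Error(`unsupported segment: ${seg}`);
      return '/' + escapeRe(seg);
    }).join('');
  return { id, matchers, regex: new RegExp(`^${body}/?$`) };
}
const COMPILED = ROUTE_IDS.map(compileRoute);

// Accept only a site-relative path that resolves to a known route; fail closed.
function validateRedirect(input) {
  const reject = (reason) => ({ ok: false, reason });
  if (typeof input !== 'string' || !input.startsWith('/')) return reject('not a relative path');
  // "//host", "/\host" and control characters can be parsed as another origin.
  if (/^\/[\/\\]/.test(input) || /[\\\x00-\x20]/.test(input)) return reject('ambiguous path');
  const base = 'http://placeholder.invalid'; // parsing-only origin, never contacted
  const url = new URL(input, base); // also collapses "." and ".." segments
  if (url.origin !== base) return reject('cross-origin');
  for (const route of COMPILED) {
    const m = route.regex.exec(url.pathname);
    if (!m) continue;
    const paramsOk = route.matchers.every(
      (name, i) => name === undefined || MATCHERS[name]?.(m[i + 1] ?? '') === true);
    if (paramsOk) return { ok: true, route: route.id, location: url.pathname + url.search };
  }
  return reject('no matching route');
}
```

Redirect to the returned location rather than to the raw input, so the value sent to the browser is the normalized one that was actually checked.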