Skip to content

ybg555/redirect-safely

Folders and files

NameName
Last commit message
Last commit date

Latest commit

author
bigang.ybg
Jun 14, 2017
c5f7a71 · Jun 14, 2017

History

2 Commits
Jun 14, 2017
Jun 14, 2017
Jun 14, 2017
Jun 14, 2017
Jun 14, 2017
Jun 14, 2017
Jun 14, 2017
Jun 14, 2017
Jun 14, 2017
Jun 14, 2017
Jun 14, 2017

Repository files navigation

redirect-safely

Travis npm npm node

服务端未对传入的跳转 url 变量进行检查和控制,可能导致可恶意构造任意一个恶意地址,诱导用户跳转到恶意网站。判断重定向的域名是否在白名单列表中,封堵url钓鱼;

Installation

npm i --save redirect-safely

Usages

const redirectByWhiteList = require('redirect-safely');

const href = this.href; // 重定向的域名
const whiteList = [ '.baidu.com', 'alibaba-inc.com', '.qq.com' ]; // 白名单列表,自己配置和获取,格式为通域;
const result = redirectByWhiteList(href, whiteList);

if(result) {
  this.redirect(href); // 允许重定向
} else {
  // 打错误日志+自定义逻辑
}

Issues

Submit the issues if you find any bug or have any suggestion.

Contribution

Fork the repository and submit pull requests.

Release Notes

CHANGELOG

License

npm

About

redirect by whiteList

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published