@remix-run/router 1.23.1-pre-v6.0 → 1.23.2-pre-v6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -1
- package/dist/router.cjs.js +18 -4
- package/dist/router.cjs.js.map +1 -1
- package/dist/router.js +18 -4
- package/dist/router.js.map +1 -1
- package/dist/router.umd.js +18 -4
- package/dist/router.umd.js.map +1 -1
- package/dist/router.umd.min.js +2 -2
- package/dist/router.umd.min.js.map +1 -1
- package/package.json +1 -1
- package/router.ts +33 -3
package/dist/router.umd.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* @remix-run/router v1.23.
|
|
2
|
+
* @remix-run/router v1.23.2-pre-v6.0
|
|
3
3
|
*
|
|
4
4
|
* Copyright (c) Remix Software Inc.
|
|
5
5
|
*
|
|
@@ -2533,7 +2533,7 @@
|
|
|
2533
2533
|
// If the user didn't explicity indicate replace behavior, replace if
|
|
2534
2534
|
// we redirected to the exact same location we're currently at to avoid
|
|
2535
2535
|
// double back-buttons
|
|
2536
|
-
let location = normalizeRedirectLocation(result.response.headers.get("Location"), new URL(request.url), basename);
|
|
2536
|
+
let location = normalizeRedirectLocation(result.response.headers.get("Location"), new URL(request.url), basename, init.history);
|
|
2537
2537
|
replace = location === state.location.pathname + state.location.search;
|
|
2538
2538
|
}
|
|
2539
2539
|
await startRedirectNavigation(request, result, true, {
|
|
@@ -3173,7 +3173,7 @@
|
|
|
3173
3173
|
}
|
|
3174
3174
|
let location = redirect.response.headers.get("Location");
|
|
3175
3175
|
invariant(location, "Expected a Location header on the redirect Response");
|
|
3176
|
-
location = normalizeRedirectLocation(location, new URL(request.url), basename);
|
|
3176
|
+
location = normalizeRedirectLocation(location, new URL(request.url), basename, init.history);
|
|
3177
3177
|
let redirectLocation = createLocation(state.location, location, {
|
|
3178
3178
|
_isRedirect: true
|
|
3179
3179
|
});
|
|
@@ -4956,16 +4956,30 @@
|
|
|
4956
4956
|
}
|
|
4957
4957
|
return response;
|
|
4958
4958
|
}
|
|
4959
|
-
function normalizeRedirectLocation(location, currentUrl, basename) {
|
|
4959
|
+
function normalizeRedirectLocation(location, currentUrl, basename, historyInstance) {
|
|
4960
|
+
// Match Chrome's behavior:
|
|
4961
|
+
// https://github.com/chromium/chromium/blob/216dbeb61db0c667e62082e5f5400a32d6983df3/content/public/common/url_utils.cc#L82
|
|
4962
|
+
let invalidProtocols = ["about:", "blob:", "chrome:", "chrome-untrusted:", "content:", "data:", "devtools:", "file:", "filesystem:",
|
|
4963
|
+
// eslint-disable-next-line no-script-url
|
|
4964
|
+
"javascript:"];
|
|
4960
4965
|
if (ABSOLUTE_URL_REGEX.test(location)) {
|
|
4961
4966
|
// Strip off the protocol+origin for same-origin + same-basename absolute redirects
|
|
4962
4967
|
let normalizedLocation = location;
|
|
4963
4968
|
let url = normalizedLocation.startsWith("//") ? new URL(currentUrl.protocol + normalizedLocation) : new URL(normalizedLocation);
|
|
4969
|
+
if (invalidProtocols.includes(url.protocol)) {
|
|
4970
|
+
throw new Error("Invalid redirect location");
|
|
4971
|
+
}
|
|
4964
4972
|
let isSameBasename = stripBasename(url.pathname, basename) != null;
|
|
4965
4973
|
if (url.origin === currentUrl.origin && isSameBasename) {
|
|
4966
4974
|
return url.pathname + url.search + url.hash;
|
|
4967
4975
|
}
|
|
4968
4976
|
}
|
|
4977
|
+
try {
|
|
4978
|
+
let url = historyInstance.createURL(location);
|
|
4979
|
+
if (invalidProtocols.includes(url.protocol)) {
|
|
4980
|
+
throw new Error("Invalid redirect location");
|
|
4981
|
+
}
|
|
4982
|
+
} catch (e) {}
|
|
4969
4983
|
return location;
|
|
4970
4984
|
}
|
|
4971
4985
|
|