@remix-run/router 1.23.1-pre-v6.0 → 1.23.2-pre-v6.0
- package/CHANGELOG.md +7 -1
- package/dist/router.cjs.js +18 -4
- package/dist/router.cjs.js.map +1 -1
- package/dist/router.js +18 -4
- package/dist/router.js.map +1 -1
- package/dist/router.umd.js +18 -4
- package/dist/router.umd.js.map +1 -1
- package/dist/router.umd.min.js +2 -2
- package/dist/router.umd.min.js.map +1 -1
- package/package.json +1 -1
- package/router.ts +33 -3
package/package.json
CHANGED
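--- a/package/router.ts
+++ b/package/router.ts
@@ -1783,7 +1783,8 @@ export function createRouter(init: RouterInit): Router {
 let location = normalizeRedirectLocation(
 result.response.headers.get("Location")!,
 new URL(request.url),
-basename
+basename,
+init.history,
 );
 replace = location === state.location.pathname + state.location.search;
 }
@@ -2695,7 +2696,8 @@ export function createRouter(init: RouterInit): Router {
 location = normalizeRedirectLocation(
 location,
 new URL(request.url),
-basename
+basename,
+init.history,
 );
 let redirectLocation = createLocation(state.location, location, {
 _isRedirect: true,
@@ -5154,19 +5156,47 @@ function normalizeRelativeRoutingRedirectResponse(
 function normalizeRedirectLocation(
 location: string,
 currentUrl: URL,
-basename: string
+basename: string,
+historyInstance: History,
 ): string {
+// Match Chrome's behavior:
+// https://github.com/chromium/chromium/blob/216dbeb61db0c667e62082e5f5400a32d6983df3/content/public/common/url_utils.cc#L82
+let invalidProtocols = [
+"about:",
+"blob:",
+"chrome:",
+"chrome-untrusted:",
+"content:",
+"data:",
+"devtools:",
+"file:",
+"filesystem:",
+// eslint-disable-next-line no-script-url
+"javascript:",
+];
+
 if (ABSOLUTE_URL_REGEX.test(location)) {
 // Strip off the protocol+origin for same-origin + same-basename absolute redirects
 let normalizedLocation = location;
 let url = normalizedLocation.startsWith("//")
 ? new URL(currentUrl.protocol + normalizedLocation)
 : new URL(normalizedLocation);
+if (invalidProtocols.includes(url.protocol)) {
+throw new Error("Invalid redirect location");
+}
 let isSameBasename = stripBasename(url.pathname, basename) != null;
 if (url.origin === currentUrl.origin && isSameBasename) {
 return url.pathname + url.search + url.hash;
 }
 }
+
+try {
+let url = historyInstance.createURL(location);
+if (invalidProtocols.includes(url.protocol)) {
+throw new Error("Invalid redirect location");
+}
+} catch (e) {}
+
 return location;
 }
 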
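Review bot: The second protocol check in `normalizeRedirectLocation` (new lines 5193–5198) cannot reject anything, because its `throw new Error("Invalid redirect location")` sits inside the `try` and the empty `catch (e) {}` swallows it, so control always reaches `return location`. Only the first check, inside the `ABSOLUTE_URL_REGEX` branch, is enforced. A location that does not match that regex (its definition is outside this hunk) but that `historyInstance.createURL` resolves to one of the `invalidProtocols` is therefore still returned unchanged. The catch should cover only the parse, with the protocol test and throw moved outside it, plus a comment saying that unparseable locations are deliberately passed through. How the two `createRouter` call sites handle the thrown error is not visible in these hunks and should be confirmed.
```typescript
// … unchanged: invalidProtocols list and the ABSOLUTE_URL_REGEX branch …

let resolved: URL | undefined;
try {
  resolved = historyInstance.createURL(location);
} catch (e) {
  // Unparseable locations are passed through unchanged (best effort).
}
if (resolved && invalidProtocols.includes(resolved.protocol)) {
  throw new Error("Invalid redirect location");
}

return location;
```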