@tanstack/react-router 1.159.14 → 1.160.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/Asset.cjs +33 -19
- package/dist/cjs/Asset.cjs.map +1 -1
- package/dist/cjs/index.cjs +4 -0
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/cjs/index.d.cts +1 -1
- package/dist/cjs/index.dev.cjs +4 -0
- package/dist/cjs/index.dev.cjs.map +1 -1
- package/dist/cjs/link.cjs +6 -6
- package/dist/cjs/link.cjs.map +1 -1
- package/dist/esm/Asset.js +33 -19
- package/dist/esm/Asset.js.map +1 -1
- package/dist/esm/index.d.ts +1 -1
- package/dist/esm/index.dev.js +2 -1
- package/dist/esm/index.js +2 -1
- package/dist/esm/link.js +6 -6
- package/dist/esm/link.js.map +1 -1
- package/dist/llms/rules/api.d.ts +1 -1
- package/dist/llms/rules/api.js +35 -0
- package/dist/llms/rules/guide.d.ts +1 -1
- package/dist/llms/rules/guide.js +2821 -253
- package/dist/llms/rules/installation.d.ts +1 -1
- package/dist/llms/rules/installation.js +376 -357
- package/dist/llms/rules/routing.d.ts +1 -1
- package/dist/llms/rules/routing.js +436 -31
- package/dist/llms/rules/setup-and-architecture.d.ts +1 -1
- package/dist/llms/rules/setup-and-architecture.js +253 -90
- package/package.json +2 -2
- package/src/Asset.tsx +45 -17
- package/src/index.tsx +6 -1
- package/src/link.tsx +7 -7
package/dist/llms/rules/api.js
CHANGED
|
@@ -1553,6 +1553,41 @@ The \`RouterOptions\` type accepts an object with the following properties and m
|
|
|
1553
1553
|
- When \`true\`, disables the global catch boundary that normally wraps all route matches. This allows unhandled errors to bubble up to top-level error handlers in the browser.
|
|
1554
1554
|
- Useful for testing tools, error reporting services, and debugging scenarios.
|
|
1555
1555
|
|
|
1556
|
+
### \`protocolAllowlist\` property
|
|
1557
|
+
|
|
1558
|
+
- Type: \`Array<string>\`
|
|
1559
|
+
- Optional
|
|
1560
|
+
- Defaults to \`DEFAULT_PROTOCOL_ALLOWLIST\` which includes:
|
|
1561
|
+
- Web navigation: \`http:\`, \`https:\`
|
|
1562
|
+
- Common browser-safe actions: \`mailto:\`, \`tel:\`
|
|
1563
|
+
- An array of URL protocols that are allowed in links, redirects, and navigation. Absolute URLs with protocols not in this list are rejected to prevent security vulnerabilities like XSS attacks.
|
|
1564
|
+
- This check is applied across router navigation APIs, including:
|
|
1565
|
+
- \`<Link to="...">\`
|
|
1566
|
+
- \`navigate({ to: ... })\` and \`navigate({ href: ... })\`
|
|
1567
|
+
- \`redirect({ to: ... })\` and \`redirect({ href: ... })\`
|
|
1568
|
+
- Protocol entries must match \`URL.protocol\` format (lowercase with a trailing \`:\`), for example \`blob:\` or \`data:\`. If you configure \`protocolAllowlist: ['blob']\` (without \`:\`), links using \`blob:\` will still be blocked.
|
|
1569
|
+
|
|
1570
|
+
**Example**
|
|
1571
|
+
|
|
1572
|
+
\`\`\`tsx
|
|
1573
|
+
import {
|
|
1574
|
+
createRouter,
|
|
1575
|
+
DEFAULT_PROTOCOL_ALLOWLIST,
|
|
1576
|
+
} from '@tanstack/react-router'
|
|
1577
|
+
|
|
1578
|
+
// Use a custom allowlist (replaces the default)
|
|
1579
|
+
const router = createRouter({
|
|
1580
|
+
routeTree,
|
|
1581
|
+
protocolAllowlist: ['https:', 'mailto:'],
|
|
1582
|
+
})
|
|
1583
|
+
|
|
1584
|
+
// Or extend the default allowlist
|
|
1585
|
+
const router = createRouter({
|
|
1586
|
+
routeTree,
|
|
1587
|
+
protocolAllowlist: [...DEFAULT_PROTOCOL_ALLOWLIST, 'ftp:'],
|
|
1588
|
+
})
|
|
1589
|
+
\`\`\`
|
|
1590
|
+
|
|
1556
1591
|
### \`defaultViewTransition\` property
|
|
1557
1592
|
|
|
1558
1593
|
- Type: \`boolean | ViewTransitionOptions\`
|