feat: add robot and anonymous display #1110
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Bieber <artist@teable.io>
Deployment Status: ✅ Success |
window.location.href = redirect ? decodeURIComponent(redirect) : '/space'; | ||
}, [redirect]); | ||
if (redirect && redirect.startsWith('/')) { | ||
router.push(redirect); |
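Review bot: the `redirect.startsWith('/')` guard is too loose for a value CodeQL flags as user-provided, because strings that begin with `//` or `/\` also start with a slash and browsers resolve them as another host. Parse the value against the app's own origin and compare origins, or at least reject a second character of `/` or `\`, before calling `router.push(redirect)`. The `window.location.href` line falls back to `'/space'`, but no such fallback is visible for the `router.push` branch.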
Check warning
Code scanning / CodeQL
Client-side URL redirect Medium
user-provided value
Copilot Autofix AI about 1 month ago
To fix the problem, we need to ensure that the `redirect` URL is validated against a list of authorized paths. This can be done by maintaining a list of allowed paths and checking if the `redirect` URL is in this list before performing the redirection. This approach ensures that only safe, predefined paths are used for redirection.
- Create a list of authorized paths.
- Check if the `redirect` URL is in the list of authorized paths.
- If the `redirect` URL is not in the list, redirect to a default safe path.
@@ -16,2 +16,3 @@ | ||
const redirect = decodeURIComponent((router.query.redirect as string) || ''); | ||
const authorizedPaths = ['/space', '/profile', '/dashboard']; // Add authorized paths here | ||
const signType = router.pathname.endsWith('/signup') ? 'signup' : 'signin'; | ||
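Review bot: on the added `authorizedPaths` line, the entries read as placeholders (the trailing comment says "Add authorized paths here"), so confirm each one is a real route in this app before merging, and hoist the array to a module-level constant so it is not rebuilt on every render. On the `redirect` line above it, `router.query.redirect as string` hides the `string[]` case for a repeated parameter, and `decodeURIComponent` throws a `URIError` on a malformed percent sequence, so normalise the type and guard the decode.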
@@ -19,3 +20,3 @@ | ||
const onSuccess = useCallback(() => { | ||
if (redirect && redirect.startsWith('/')) { | ||
if (redirect && authorizedPaths.includes(redirect)) { | ||
router.push(redirect); |
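Review bot: `authorizedPaths.includes(redirect)` is an exact string match, so any target with a sub-path, query string or hash (for example `/space/<id>`) fails the check and the post-login deep link is dropped. Match on the parsed pathname by whole path segment instead, and add the default-path fallback that the suggestion text describes, since the hunk shows no `else` branch.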
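The allowlist check described in the autofix suggestion above, as an added example (not code from this PR or from the project): it validates the parsed, normalised path by whole segments and falls back to a default path. `safeRedirect`, `APP_ORIGIN`, `ALLOWED_PREFIXES` and `DEFAULT_PATH` are hypothetical names, the origin is a placeholder used only for parsing, and the path entries are copied from the suggestion.

```javascript
// Added example; all names and the origin below are assumptions, not project code.
const APP_ORIGIN = 'https://app.example.test'; // placeholder, used only as a parsing base
const ALLOWED_PREFIXES = ['/space', '/profile', '/dashboard']; // entries from the suggestion
const DEFAULT_PATH = '/space';

function safeRedirect(raw) {
  // A query value may be a string, an array of strings (repeated parameter) or undefined.
  const value = Array.isArray(raw) ? raw[0] : raw;
  if (typeof value !== 'string' || value === '') return DEFAULT_PATH;

  // Require a single leading slash: '//' and '/\' are resolved by browsers as a host.
  if (!value.startsWith('/') || value.startsWith('//') || value.includes('\\')) {
    return DEFAULT_PATH;
  }
  // URL parsers silently drop tab, CR and LF, so reject control characters up front.
  if (/[\u0000-\u001f\u007f]/.test(value)) return DEFAULT_PATH;

  let url;
  try {
    url = new URL(value, APP_ORIGIN);
  } catch {
    return DEFAULT_PATH;
  }
  // After resolution the target must still be on the base origin.
  if (url.origin !== APP_ORIGIN) return DEFAULT_PATH;

  // Compare the normalised pathname by whole segment:
  // '/space' and '/space/abc' match, '/spacex' and '/dashboard/../admin' do not.
  const allowed = ALLOWED_PREFIXES.some(
    (p) => url.pathname === p || url.pathname.startsWith(p + '/')
  );
  return allowed ? url.pathname + url.search + url.hash : DEFAULT_PATH;
}
```
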
🧹 Preview Environment Cleanup