feat: implement validateRedirect utility for open redirect protection

2025-12-12 13:57:44 +01:00
parent 8867dff780
commit 64d9df5469
3 changed files with 25 additions and 9 deletions
--- a/app/utils/validateRedirect.ts
+++ b/app/utils/validateRedirect.ts
@@ -0,0 +1,9 @@
+export const validateRedirect = (redirect: string | unknown, fallback = '/dashboard'): string => {
+  if (typeof redirect !== 'string') {
+    return fallback;
+  }
+  if (redirect.startsWith('/') && !redirect.startsWith('//')) {
+    return redirect;
+  }
+  return fallback;
+}