

docs(examples/jokes): add validation to prevent open redirect on login (
remix-run#2499)

* docs(examples/jokes): add validation to prevent open redirect on login

* CLA Signed

* Update examples/jokes/app/routes/login.tsx

* Update docs/tutorials/jokes.md

* Update docs/tutorials/jokes.md

Co-authored-by: Kent C. Dodds <me+github@kentcdodds.com>
LewisArdern and kentcdodds authored Mar 26, 2022
1 parent 9fdc773 commit 2173cff
Showing 3 changed files with 38 additions and 4 deletions.
1 change: 1 addition & 0 deletions contributors.yml
Expand Up @@ -302,3 +302,4 @@
- youngvform
- zachdtaylor
- zainfathoni
- LewisArdern
31 changes: 28 additions & 3 deletions docs/tutorials/jokes.md
Expand Up @@ -2553,6 +2553,15 @@ function validatePassword(password: unknown) {
}
}

function validateUrl(url: any) {
console.log(url)
let urls = ['/jokes','/','https://remix.run']
if (urls.includes(url)) {
return url
}
return '/jokes'
}

type ActionData = {
formError?: string;
fieldErrors?: {
Expand All @@ -2576,7 +2585,7 @@ export const action: ActionFunction = async ({
const loginType = form.get("loginType");
const username = form.get("username");
const password = form.get("password");
const redirectTo = form.get("redirectTo") || "/jokes";
const redirectTo = validateUrl(form.get("redirectTo") || '/jokes');
if (
typeof loginType !== "string" ||
typeof username !== "string" ||
Expand Down Expand Up @@ -3720,6 +3729,14 @@ function validatePassword(password: unknown) {
}
}

function validateUrl(url: any) {
let urls = ['/jokes','/','https://remix.run']
if (urls.includes(url)) {
return url
}
return '/jokes'
}

type ActionData = {
formError?: string;
fieldErrors?: {
Expand All @@ -3743,7 +3760,7 @@ export const action: ActionFunction = async ({
const loginType = form.get("loginType");
const username = form.get("username");
const password = form.get("password");
const redirectTo = form.get("redirectTo") || "/jokes";
const redirectTo = validateUrl(form.get("redirectTo") || '/jokes');
if (
typeof loginType !== "string" ||
typeof username !== "string" ||
Expand Down Expand Up @@ -5060,6 +5077,14 @@ function validatePassword(password: unknown) {
}
}

function validateUrl(url: any) {
let urls = ['/jokes','/','https://remix.run']
if (urls.includes(url)) {
return url
}
return '/jokes'
}

type ActionData = {
formError?: string;
fieldErrors?: {
Expand All @@ -5083,7 +5108,7 @@ export const action: ActionFunction = async ({
const loginType = form.get("loginType");
const username = form.get("username");
const password = form.get("password");
const redirectTo = form.get("redirectTo") || "/jokes";
const redirectTo = validateUrl(form.get("redirectTo") || '/jokes');
if (
typeof loginType !== "string" ||
typeof username !== "string" ||
10 changes: 9 additions & 1 deletion examples/jokes/app/routes/login.tsx
Expand Up @@ -27,6 +27,14 @@ function validatePassword(password: unknown) {
}
}

function validateUrl(url: any) {
let urls = ['/jokes','/','https://remix.run']
if (urls.includes(url)) {
return url
}
return '/jokes'
}

type ActionData = {
formError?: string;
fieldErrors?: { username: string | undefined; password: string | undefined };
Expand All @@ -45,7 +53,7 @@ export const action: ActionFunction = async ({ request }) => {
const loginType = form.get("loginType");
const username = form.get("username");
const password = form.get("password");
const redirectTo = form.get("redirectTo") || "/jokes";
const redirectTo = validateUrl(form.get("redirectTo") || '/jokes');
if (
typeof loginType !== "string" ||
typeof username !== "string" ||
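Review bot: `validateUrl(url: any)` in the first hunk drops the `unknown` typing the file's sibling validators use (`validatePassword(password: unknown)` is visible in the hunk header), and with no return annotation it makes `redirectTo` in the second hunk `any` as well; declare it `function validateUrl(url: unknown): string {`, keep the list as `const urls = ["/jokes", "/", "https://remix.run"];` since it is never reassigned, and narrow before the lookup with `return typeof url === "string" && urls.includes(url) ? url : "/jokes";`, which also restores the double quotes and semicolons the rest of the file uses. The exact-match allowlist is the right shape for an open-redirect guard, so a comment such as `// Exact-match allowlist: do not relax to a prefix check, which would still admit protocol-relative targets` would help keep it that way. The `|| '/jokes'` fallback on the call site is now redundant, since `validateUrl` already returns `'/jokes'` for anything not on the list. The same function is pasted three times into docs/tutorials/jokes.md, and its first copy there keeps a debugging `console.log(url)` that neither the other copies nor login.tsx has. The `action` function continues below the second hunk.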

0 comments on commit 2173cff
