diff --git a/contributors.yml b/contributors.yml
index 555d80e01cf..739c2fdf3fa 100644
--- a/contributors.yml
+++ b/contributors.yml
@@ -302,3 +302,4 @@
- youngvform
- zachdtaylor
- zainfathoni
+- LewisArdern
\ No newline at end of file
diff --git a/docs/tutorials/jokes.md b/docs/tutorials/jokes.md
index a62fa824212..de3b02fa2d4 100644
--- a/docs/tutorials/jokes.md
+++ b/docs/tutorials/jokes.md
@@ -2553,6 +2553,15 @@ function validatePassword(password: unknown) {
}
}
+function validateUrl(url: any) {
+ console.log(url)
+ let urls = ['/jokes','/','https://remix.run']
+ if (urls.includes(url)) {
+ return url
+ }
+ return '/jokes'
+}
+
type ActionData = {
formError?: string;
fieldErrors?: {
@@ -2576,7 +2585,7 @@ export const action: ActionFunction = async ({
const loginType = form.get("loginType");
const username = form.get("username");
const password = form.get("password");
- const redirectTo = form.get("redirectTo") || "/jokes";
+ const redirectTo = validateUrl(form.get("redirectTo") || '/jokes');
if (
typeof loginType !== "string" ||
typeof username !== "string" ||
@@ -3720,6 +3729,14 @@ function validatePassword(password: unknown) {
}
}
+function validateUrl(url: any) {
+ let urls = ['/jokes','/','https://remix.run']
+ if (urls.includes(url)) {
+ return url
+ }
+ return '/jokes'
+}
+
type ActionData = {
formError?: string;
fieldErrors?: {
@@ -3743,7 +3760,7 @@ export const action: ActionFunction = async ({
const loginType = form.get("loginType");
const username = form.get("username");
const password = form.get("password");
- const redirectTo = form.get("redirectTo") || "/jokes";
+ const redirectTo = validateUrl(form.get("redirectTo") || '/jokes');
if (
typeof loginType !== "string" ||
typeof username !== "string" ||
@@ -5060,6 +5077,14 @@ function validatePassword(password: unknown) {
}
}
+function validateUrl(url: any) {
+ let urls = ['/jokes','/','https://remix.run']
+ if (urls.includes(url)) {
+ return url
+ }
+ return '/jokes'
+}
+
type ActionData = {
formError?: string;
fieldErrors?: {
@@ -5083,7 +5108,7 @@ export const action: ActionFunction = async ({
const loginType = form.get("loginType");
const username = form.get("username");
const password = form.get("password");
- const redirectTo = form.get("redirectTo") || "/jokes";
+ const redirectTo = validateUrl(form.get("redirectTo") || '/jokes');
if (
typeof loginType !== "string" ||
typeof username !== "string" ||
diff --git a/examples/jokes/app/routes/login.tsx b/examples/jokes/app/routes/login.tsx
index 513444427bf..5b9673c794a 100644
--- a/examples/jokes/app/routes/login.tsx
+++ b/examples/jokes/app/routes/login.tsx
@@ -27,6 +27,14 @@ function validatePassword(password: unknown) {
}
}
+function validateUrl(url: any) {
+ let urls = ['/jokes','/','https://remix.run']
+ if (urls.includes(url)) {
+ return url
+ }
+ return '/jokes'
+}
+
type ActionData = {
formError?: string;
fieldErrors?: { username: string | undefined; password: string | undefined };
@@ -45,7 +53,7 @@ export const action: ActionFunction = async ({ request }) => {
const loginType = form.get("loginType");
const username = form.get("username");
const password = form.get("password");
- const redirectTo = form.get("redirectTo") || "/jokes";
+ const redirectTo = validateUrl(form.get("redirectTo") || '/jokes');
if (
typeof loginType !== "string" ||
typeof username !== "string" ||