diff --git a/contributors.yml b/contributors.yml
index 555d80e01cf..739c2fdf3fa 100644
--- a/contributors.yml
+++ b/contributors.yml
@@ -302,3 +302,4 @@
 - youngvform
 - zachdtaylor
 - zainfathoni
+- LewisArdern
\ No newline at end of file
diff --git a/docs/tutorials/jokes.md b/docs/tutorials/jokes.md
index a62fa824212..de3b02fa2d4 100644
--- a/docs/tutorials/jokes.md
+++ b/docs/tutorials/jokes.md
@@ -2553,6 +2553,15 @@ function validatePassword(password: unknown) {
 }
 }
 
+function validateUrl(url: any) {
+ console.log(url)
+ let urls = ['/jokes','/','https://remix.run']
+ if (urls.includes(url)) {
+ return url
+ }
+ return '/jokes'
+}
+
 type ActionData = {
 formError?: string;
 fieldErrors?: {
@@ -2576,7 +2585,7 @@ export const action: ActionFunction = async ({
 const loginType = form.get("loginType");
 const username = form.get("username");
 const password = form.get("password");
- const redirectTo = form.get("redirectTo") || "/jokes";
+ const redirectTo = validateUrl(form.get("redirectTo") || '/jokes');
 if (
 typeof loginType !== "string" ||
 typeof username !== "string" ||
@@ -3720,6 +3729,14 @@ function validatePassword(password: unknown) {
 }
 }
 
+function validateUrl(url: any) {
+ let urls = ['/jokes','/','https://remix.run']
+ if (urls.includes(url)) {
+ return url
+ }
+ return '/jokes'
+}
+
 type ActionData = {
 formError?: string;
 fieldErrors?: {
@@ -3743,7 +3760,7 @@ export const action: ActionFunction = async ({
 const loginType = form.get("loginType");
 const username = form.get("username");
 const password = form.get("password");
- const redirectTo = form.get("redirectTo") || "/jokes";
+ const redirectTo = validateUrl(form.get("redirectTo") || '/jokes');
 if (
 typeof loginType !== "string" ||
 typeof username !== "string" ||
@@ -5060,6 +5077,14 @@ function validatePassword(password: unknown) {
 }
 }
 
+function validateUrl(url: any) {
+ let urls = ['/jokes','/','https://remix.run']
+ if (urls.includes(url)) {
+ return url
+ }
+ return '/jokes'
+}
+
 type ActionData = {
 formError?: string;
 fieldErrors?: {
@@ -5083,7 +5108,7 @@ export const action: ActionFunction = async ({
 const loginType = form.get("loginType");
 const username = form.get("username");
 const password = form.get("password");
- const redirectTo = form.get("redirectTo") || "/jokes";
+ const redirectTo = validateUrl(form.get("redirectTo") || '/jokes');
 if (
 typeof loginType !== "string" ||
 typeof username !== "string" ||
diff --git a/examples/jokes/app/routes/login.tsx b/examples/jokes/app/routes/login.tsx
index 513444427bf..5b9673c794a 100644
--- a/examples/jokes/app/routes/login.tsx
+++ b/examples/jokes/app/routes/login.tsx
@@ -27,6 +27,14 @@ function validatePassword(password: unknown) {
 }
 }
 
+function validateUrl(url: any) {
+ let urls = ['/jokes','/','https://remix.run']
+ if (urls.includes(url)) {
+ return url
+ }
+ return '/jokes'
+}
+
 type ActionData = {
 formError?: string;
 fieldErrors?: { username: string | undefined; password: string | undefined };
@@ -45,7 +53,7 @@ export const action: ActionFunction = async ({ request }) => {
 const loginType = form.get("loginType");
 const username = form.get("username");
 const password = form.get("password");
- const redirectTo = form.get("redirectTo") || "/jokes";
+ const redirectTo = validateUrl(form.get("redirectTo") || '/jokes');
 if (
 typeof loginType !== "string" ||
 typeof username !== "string" ||
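Review bot: In examples/jokes/app/routes/login.tsx, `validateUrl` takes and returns `any`, and its exact-match list both keeps an off-site entry (`'https://remix.run'`) and turns every other in-app path into `/jokes`, so a `redirectTo` pointing at any route other than `/` or `/jokes` is silently discarded. Typing the parameter as `unknown`, returning `string`, and accepting only same-origin paths (a leading `/` not followed by `/` or `\`) closes the open redirect without a fixed list; the rewrite below drops the external entry, which should be confirmed as intended. The same function is added three times in docs/tutorials/jokes.md, and the first copy there also keeps a `console.log(url)` that writes the submitted value to the server log and that the other copies lack.

```typescript
function validateUrl(url: unknown): string {
  // Accept only same-origin paths; "//host" and "/\host" are treated
  // by browsers as pointing at another origin, so reject them.
  if (
    typeof url === "string" &&
    url.startsWith("/") &&
    !url.startsWith("//") &&
    !url.startsWith("/\\")
  ) {
    return url;
  }
  return "/jokes";
}
```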
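Review bot: On the new `redirectTo` line in examples/jokes/app/routes/login.tsx, the `|| '/jokes'` fallback repeats the default that `validateUrl` already returns for any value outside its list, and the single quotes differ from the double quotes on the neighbouring lines. Because `validateUrl` is declared with an `any` parameter and no return type, `redirectTo` becomes `any`, which would weaken any `typeof` narrowing applied to it later; the `if (` condition that starts in this hunk continues past its last line, so that part is not visible here. If the helper is given a `string` return type, the call can be `const redirectTo = validateUrl(form.get("redirectTo"));`. The three matching lines in docs/tutorials/jokes.md have the same shape.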