fix: possible open redirect, xss

opengovsg / starter-kit

A technical kit to quickly build new products

https://start.open.gov.sg

MIT License

36 stars 6 forks source link

fix: possible open redirect, xss #306

Closed zeyu2001 closed 1 month ago

zeyu2001 commented 2 months ago

Validate callback URLs with URL validator from starter-kitty. This fixes potential open redirects and XSS issues caused by Next.js router.push() behaviour.

vercel[bot] commented 2 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
starter-kit	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jul 22, 2024 8:44am

karrui commented 1 month ago

verified callbackUrl still works, merging.