@trendyol-js/safe-redirect v1.7.2
safe-redirect
safe-redirect is a library which resolves open-redirection vulnerability when we need to make client-side redirection to a path taken from query string.
Example
For example, we have /login
page and after successful login we need to redirect user to a path. Referrer can state the redirection path using callback
query string parameter. Url looks like:
https://domain.com/login?callback=/payment
In /login
page, after successful login, we implement the aforementioned requirement in this way:
// successful login
const path = new URLSearchParams(window.location.search).get("callback");
window.location.assign(path);
And here we have a open-redirection vulnerability
Case 1
https://fake.com
can redirect user to domain.com/login?callback=https://fake.com/fake
, after successful login, the user will be redirected to https://fake.com/fake
.
Case 2
A site can redirect user to domain.com/login?callback=javascript:alert(document.cookie)
and execute custom javascript code. (sensitive user data can be stolen, etc).
Solution
safe-redirect library solves this vulnerability. Simply:
npm i @trendyol-js/safe-redirect
import { redirect } from "@trendyol-js/safe-redirect";
// successful login
redirect("callback"); // give name of the query parameter