mirror of
https://github.com/nuxt/nuxt.git
synced 2024-11-22 05:35:13 +00:00
fix(nuxt): disallow redirects to more script protocols (#22366)
Co-authored-by: Damian Głowala <48835293+DamianGlowala@users.noreply.github.com>
parent
2616aadda6
commit
2f734df9b5
@ -75,7 +75,7 @@
|
||||
"semver": "7.5.4",
|
||||
"std-env": "3.3.3",
|
||||
"typescript": "5.1.6",
|
||||
"ufo": "1.1.2",
|
||||
"ufo": "1.2.0",
|
||||
"vite": "4.4.7",
|
||||
"vitest": "0.33.0",
|
||||
"vitest-environment-nuxt": "0.10.2",
|
||||
|
@ -47,7 +47,7 @@
|
||||
"pkg-types": "1.0.3",
|
||||
"scule": "1.0.0",
|
||||
"semver": "7.5.4",
|
||||
"ufo": "1.1.2",
|
||||
"ufo": "1.2.0",
|
||||
"unbuild": "latest"
|
||||
},
|
||||
"optionalDependencies": {
|
||||
|
@ -91,7 +91,7 @@
|
||||
"prompts": "^2.4.2",
|
||||
"scule": "^1.0.0",
|
||||
"strip-literal": "^1.0.1",
|
||||
"ufo": "^1.1.2",
|
||||
"ufo": "^1.2.0",
|
||||
"ultrahtml": "^1.3.0",
|
||||
"uncrypto": "^0.1.3",
|
||||
"unctx": "^2.3.1",
|
||||
|
@ -2,7 +2,7 @@ import { getCurrentInstance, hasInjectionContext, inject, onUnmounted } from 'vu
|
||||
import type { Ref } from 'vue'
|
||||
import type { NavigationFailure, NavigationGuard, RouteLocationNormalized, RouteLocationPathRaw, RouteLocationRaw, Router, useRoute as _useRoute, useRouter as _useRouter } from '#vue-router'
|
||||
import { sanitizeStatusCode } from 'h3'
|
||||
import { hasProtocol, joinURL, parseURL, withQuery } from 'ufo'
|
||||
import { hasProtocol, isScriptProtocol, joinURL, parseURL, withQuery } from 'ufo'
|
||||
|
||||
import { useNuxtApp, useRuntimeConfig } from '../nuxt'
|
||||
import type { NuxtError } from './error'
|
||||
@ -133,11 +133,14 @@ export const navigateTo = (to: RouteLocationRaw | undefined | null, options?: Na
|
||||
}
|
||||
|
||||
const isExternal = options?.external || hasProtocol(toPath, { acceptRelative: true })
|
||||
if (isExternal && !options?.external) {
|
||||
throw new Error('Navigating to external URL is not allowed by default. Use `navigateTo (url, { external: true })`.')
|
||||
}
|
||||
if (isExternal && parseURL(toPath).protocol === 'script:') {
|
||||
throw new Error('Cannot navigate to an URL with script protocol.')
|
||||
if (isExternal) {
|
||||
if (!options?.external) {
|
||||
throw new Error('Navigating to an external URL is not allowed by default. Use `navigateTo(url, { external: true })`.')
|
||||
}
|
||||
const protocol = parseURL(toPath).protocol
|
||||
if (protocol && isScriptProtocol(protocol)) {
|
||||
throw new Error(`Cannot navigate to a URL with '${protocol}' protocol.`)
|
||||
}
|
||||
}
|
||||
|
||||
const inMiddleware = isProcessingMiddleware()
|
||||
|
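Review bot: The new guard at `const protocol = parseURL(toPath).protocol` reads the scheme from the raw string, whereas browsers strip ASCII tab and newline characters and leading whitespace before resolving a URL's scheme, so the check and the browser may disagree about which protocol a value carries. Whether ufo's `parseURL` and `isScriptProtocol` normalise the input the same way is not visible on this page. Consider deriving the scheme with the platform parser before the check, for example `const { protocol } = new URL(toPath, 'http://localhost')`, and treating a parse failure as a rejection. The guard is also a blocklist whose contents depend on the ufo release, and no test for rejected protocols is visible in this commit, so a regression test covering each blocked scheme in mixed case and with surrounding whitespace would pin the behaviour. `navigateTo` begins and continues outside the hunk, so how `toPath` is built and how the redirect is later issued were not reviewed.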
@ -56,7 +56,7 @@
|
||||
"pkg-types": "^1.0.3",
|
||||
"postcss-import-resolver": "^2.0.0",
|
||||
"std-env": "^3.3.3",
|
||||
"ufo": "^1.1.2",
|
||||
"ufo": "^1.2.0",
|
||||
"unimport": "^3.1.0",
|
||||
"untyped": "^1.4.0"
|
||||
},
|
||||
|
@ -30,7 +30,7 @@
|
||||
"get-port-please": "^3.0.1",
|
||||
"ofetch": "^1.1.1",
|
||||
"pathe": "^1.1.1",
|
||||
"ufo": "^1.1.2"
|
||||
"ufo": "^1.2.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@jest/globals": "29.6.1",
|
||||
|
@ -55,7 +55,7 @@
|
||||
"rollup-plugin-visualizer": "^5.9.2",
|
||||
"std-env": "^3.3.3",
|
||||
"strip-literal": "^1.0.1",
|
||||
"ufo": "^1.1.2",
|
||||
"ufo": "^1.2.0",
|
||||
"unplugin": "^1.4.0",
|
||||
"vite": "^4.4.7",
|
||||
"vite-node": "^0.33.0",
|
||||
|
@ -49,7 +49,7 @@
|
||||
"pug-plain-loader": "^1.1.0",
|
||||
"std-env": "^3.3.3",
|
||||
"time-fix-plugin": "^2.0.7",
|
||||
"ufo": "^1.1.2",
|
||||
"ufo": "^1.2.0",
|
||||
"unplugin": "^1.4.0",
|
||||
"url-loader": "^4.1.1",
|
||||
"vue-bundle-renderer": "^1.0.3",
|
||||
|
@ -126,8 +126,8 @@ importers:
|
||||
specifier: 5.1.6
|
||||
version: 5.1.6
|
||||
ufo:
|
||||
specifier: 1.1.2
|
||||
version: 1.1.2
|
||||
specifier: 1.2.0
|
||||
version: 1.2.0
|
||||
vite:
|
||||
specifier: 4.4.7
|
||||
version: 4.4.7(@types/node@18.17.0)
|
||||
@ -326,8 +326,8 @@ importers:
|
||||
specifier: 7.5.4
|
||||
version: 7.5.4
|
||||
ufo:
|
||||
specifier: 1.1.2
|
||||
version: 1.1.2
|
||||
specifier: 1.2.0
|
||||
version: 1.2.0
|
||||
unbuild:
|
||||
specifier: latest
|
||||
version: 1.2.1
|
||||
@ -455,8 +455,8 @@ importers:
|
||||
specifier: ^1.0.1
|
||||
version: 1.0.1
|
||||
ufo:
|
||||
specifier: ^1.1.2
|
||||
version: 1.1.2
|
||||
specifier: ^1.2.0
|
||||
version: 1.2.0
|
||||
ultrahtml:
|
||||
specifier: ^1.3.0
|
||||
version: 1.3.0
|
||||
@ -543,8 +543,8 @@ importers:
|
||||
specifier: ^3.3.3
|
||||
version: 3.3.3
|
||||
ufo:
|
||||
specifier: ^1.1.2
|
||||
version: 1.1.2
|
||||
specifier: ^1.2.0
|
||||
version: 1.2.0
|
||||
unimport:
|
||||
specifier: ^3.1.0
|
||||
version: 3.1.0(rollup@3.26.3)
|
||||
@ -643,8 +643,8 @@ importers:
|
||||
specifier: ^1.1.1
|
||||
version: 1.1.1
|
||||
ufo:
|
||||
specifier: ^1.1.2
|
||||
version: 1.1.2
|
||||
specifier: ^1.2.0
|
||||
version: 1.2.0
|
||||
vue:
|
||||
specifier: ^3.3.4
|
||||
version: 3.3.4
|
||||
@ -752,8 +752,8 @@ importers:
|
||||
specifier: ^1.0.1
|
||||
version: 1.0.1
|
||||
ufo:
|
||||
specifier: ^1.1.2
|
||||
version: 1.1.2
|
||||
specifier: ^1.2.0
|
||||
version: 1.2.0
|
||||
unplugin:
|
||||
specifier: ^1.4.0
|
||||
version: 1.4.0
|
||||
@ -882,8 +882,8 @@ importers:
|
||||
specifier: ^2.0.7
|
||||
version: 2.0.7(webpack@5.88.2)
|
||||
ufo:
|
||||
specifier: ^1.1.2
|
||||
version: 1.1.2
|
||||
specifier: ^1.2.0
|
||||
version: 1.2.0
|
||||
unplugin:
|
||||
specifier: ^1.4.0
|
||||
version: 1.4.0
|
||||
@ -966,7 +966,7 @@ importers:
|
||||
devDependencies:
|
||||
ufo:
|
||||
specifier: latest
|
||||
version: 1.1.2
|
||||
version: 1.2.0
|
||||
unplugin:
|
||||
specifier: latest
|
||||
version: 1.4.0
|
||||
@ -5026,7 +5026,7 @@ packages:
|
||||
enhanced-resolve: 5.15.0
|
||||
mlly: 1.4.0
|
||||
pathe: 1.1.1
|
||||
ufo: 1.1.2
|
||||
ufo: 1.2.0
|
||||
dev: false
|
||||
|
||||
/fast-deep-equal@3.1.3:
|
||||
@ -5470,7 +5470,7 @@ packages:
|
||||
destr: 2.0.0
|
||||
iron-webcrypto: 0.7.0
|
||||
radix3: 1.0.1
|
||||
ufo: 1.1.2
|
||||
ufo: 1.2.0
|
||||
uncrypto: 0.1.3
|
||||
|
||||
/happy-dom@10.5.2:
|
||||
@ -6211,7 +6211,7 @@ packages:
|
||||
mlly: 1.4.0
|
||||
node-forge: 1.3.1
|
||||
pathe: 1.1.1
|
||||
ufo: 1.1.2
|
||||
ufo: 1.2.0
|
||||
|
||||
/loader-runner@4.3.0:
|
||||
resolution: {integrity: sha512-3R/1M+yS3j5ou80Me59j7F9IMs4PXs3VqRrm0TU3AbKPxlmpoY1TNscJV/oGJXo8qCatFGTfDbY6W6ipGOYXfg==}
|
||||
@ -6580,7 +6580,7 @@ packages:
|
||||
acorn: 8.10.0
|
||||
pathe: 1.1.1
|
||||
pkg-types: 1.0.3
|
||||
ufo: 1.1.2
|
||||
ufo: 1.2.0
|
||||
|
||||
/mri@1.2.0:
|
||||
resolution: {integrity: sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA==}
|
||||
@ -6686,7 +6686,7 @@ packages:
|
||||
serve-static: 1.15.0
|
||||
source-map-support: 0.5.21
|
||||
std-env: 3.3.3
|
||||
ufo: 1.1.2
|
||||
ufo: 1.2.0
|
||||
uncrypto: 0.1.3
|
||||
unenv: 1.5.2
|
||||
unimport: 3.1.0(rollup@3.26.3)
|
||||
@ -6884,7 +6884,7 @@ packages:
|
||||
dependencies:
|
||||
destr: 2.0.0
|
||||
node-fetch-native: 1.2.0
|
||||
ufo: 1.1.2
|
||||
ufo: 1.2.0
|
||||
|
||||
/ohash@1.1.2:
|
||||
resolution: {integrity: sha512-9CIOSq5945rI045GFtcO3uudyOkYVY1nyfFxVQp+9BRgslr8jPNiSSrsFGg/BNTUFOLqx0P5tng6G32brIPw0w==}
|
||||
@ -8547,8 +8547,8 @@ packages:
|
||||
resolution: {integrity: sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==}
|
||||
dev: true
|
||||
|
||||
/ufo@1.1.2:
|
||||
resolution: {integrity: sha512-TrY6DsjTQQgyS3E3dBaOXf0TpPD8u9FVrVYmKVegJuFw51n/YB9XPt+U6ydzFG5ZIN7+DIjPbNmXoBj9esYhgQ==}
|
||||
/ufo@1.2.0:
|
||||
resolution: {integrity: sha512-RsPyTbqORDNDxqAdQPQBpgqhWle1VcTSou/FraClYlHf6TZnQcGslpLcAphNR+sQW4q5lLWLbOsRlh9j24baQg==}
|
||||
|
||||
/ultrahtml@1.3.0:
|
||||
resolution: {integrity: sha512-xmXvE8tC8t4PVqy0/g1fe7H9USY/Brr425q4dD/0QbQMQit7siCtb06+SCqE4GfU24nwsZz8Th1g7L7mm1lL5g==}
|
||||
@ -8730,7 +8730,7 @@ packages:
|
||||
mri: 1.2.0
|
||||
node-fetch-native: 1.2.0
|
||||
ofetch: 1.1.1
|
||||
ufo: 1.1.2
|
||||
ufo: 1.2.0
|
||||
transitivePeerDependencies:
|
||||
- supports-color
|
||||
|
||||
@ -9056,7 +9056,7 @@ packages:
|
||||
/vue-bundle-renderer@1.0.3:
|
||||
resolution: {integrity: sha512-EfjX+5TTUl70bki9hPuVp+54JiZOvFIfoWBcfXsSwLzKEiDYyHNi5iX8srnqLIv3YRnvxgbntdcG1WPq0MvffQ==}
|
||||
dependencies:
|
||||
ufo: 1.1.2
|
||||
ufo: 1.2.0
|
||||
|
||||
/vue-component-type-helpers@1.6.5:
|
||||
resolution: {integrity: sha512-iGdlqtajmiqed8ptURKPJ/Olz0/mwripVZszg6tygfZSIL9kYFPJTNY6+Q6OjWGznl2L06vxG5HvNvAnWrnzbg==}
|
||||
|
@ -19,7 +19,7 @@ describe.skipIf(process.env.SKIP_BUNDLE_SIZE === 'true' || process.env.ECOSYSTEM
|
||||
for (const outputDir of ['.output', '.output-inline']) {
|
||||
it('default client bundle size', async () => {
|
||||
const clientStats = await analyzeSizes('**/*.js', join(rootDir, outputDir, 'public'))
|
||||
expect.soft(roundToKilobytes(clientStats.totalBytes)).toMatchInlineSnapshot('"97.3k"')
|
||||
expect.soft(roundToKilobytes(clientStats.totalBytes)).toMatchInlineSnapshot('"97.4k"')
|
||||
expect(clientStats.files.map(f => f.replace(/\..*\.js/, '.js'))).toMatchInlineSnapshot(`
|
||||
[
|
||||
"_nuxt/entry.js",
|
||||
@ -32,7 +32,7 @@ describe.skipIf(process.env.SKIP_BUNDLE_SIZE === 'true' || process.env.ECOSYSTEM
|
||||
const serverDir = join(rootDir, '.output/server')
|
||||
|
||||
const serverStats = await analyzeSizes(['**/*.mjs', '!node_modules'], serverDir)
|
||||
expect.soft(roundToKilobytes(serverStats.totalBytes)).toMatchInlineSnapshot('"64.4k"')
|
||||
expect.soft(roundToKilobytes(serverStats.totalBytes)).toMatchInlineSnapshot('"64.5k"')
|
||||
|
||||
const modules = await analyzeSizes('node_modules/**/*', serverDir)
|
||||
expect.soft(roundToKilobytes(modules.totalBytes)).toMatchInlineSnapshot('"2330k"')
|
||||
|