redirect-safely

服务端未对传入的跳转 url 变量进行检查和控制，可能导致可恶意构造任意一个恶意地址，诱导用户跳转到恶意网站。判断重定向的域名是否在白名单列表中，封堵url钓鱼；

Installation

npm i --save redirect-safely

Usages

const redirectByWhiteList = require('redirect-safely');
 
const href = this.href; // 重定向的域名
const whiteList = [ '.baidu.com', 'alibaba-inc.com', '.qq.com' ]; // 白名单列表，自己配置和获取，格式为通域；
const result = redirectByWhiteList(href, whiteList);
 
if(result) {
  this.redirect(href); // 允许重定向
} else {
  // 打错误日志+自定义逻辑
}

Issues

Submit the issues if you find any bug or have any suggestion.

Contribution

Fork the repository and submit pull requests.

Release Notes

CHANGELOG

redirect-safely

redirect-safely

Installation

Usages

Issues

Contribution

Release Notes

License

Dependents (0)

Package Sidebar

Install

Repository

Homepage

Weekly Downloads

Version

License

Last publish

Collaborators

redirect-safely

redirect-safely

Installation

Usages

Issues

Contribution

Release Notes

License

Dependents (0)

Package Sidebar

Install

Repository

Homepage

DownloadsWeekly Downloads

Version

License

Last publish

Collaborators

Weekly Downloads