Security: Could Sveltekit please expose a function, to check if a string is a valid routable route in the app #13565
alexbjorlig started this conversation in Ideas
Replies: 1 comment
-
I'd love to know the reason why the validation is needed in your example
-
The Problem
I need to determine whether a given string, such as tenantname/abc/fge, matches one of the valid routes in our app. The challenge is to correctly interpret the dynamic segments (e.g., [tenant=org_slug]) and validate if the input string aligns with the defined route pattern.

Expected Behavior
tenantname/abc/fge, the system should confirm if it corresponds to a valid SvelteKit route (e.g., /app/[tenant=org_slug]/abc/fge).
redirect_uris, ensuring robust and secure validation is critical.

Implementation Ideas
Convert Route Patterns to Regular Expressions:
Transform SvelteKit route patterns into regular expressions. For example, convert [tenant=org_slug] into a regex pattern that matches valid tenant names.
Pre-generate Route Mappings:
Consider generating a mapping of all valid route patterns at build time from route_meta_data.json. This mapping can then be used at runtime to efficiently validate redirect_uris.
Validation Function:
Create a function that iterates over the list of valid route patterns (or regexes) and checks if the provided redirect_uri matches any of them.
Error Handling:
Ensure that the function provides clear feedback when a redirect_uri is not valid, possibly logging or handling errors in a way that prevents misuse or security issues.

Discussion Points
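One way to implement the "route patterns to regular expressions" and "validation function" ideas from the post, as an added example that is not part of the original post and not SvelteKit's own code. The route ids, the org_slug matcher, the /app base and all function names are assumptions made for illustration; only static, [name] and [name=matcher] segments are handled.

```javascript
// Added example: route ids and the org_slug matcher are constructed, not taken from a real app.
const ROUTE_IDS = ['/app/[tenant=org_slug]/abc/fge', '/app/[tenant=org_slug]/settings'];
const MATCHERS = { org_slug: (v) => /^[a-z0-9][a-z0-9-]{1,30}$/.test(v) };

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Compile a route id into an anchored regex plus the matcher name for each capture group.
// Rest ([...x]), optional ([[x]]) and group ((x)) segments throw instead of being guessed at.
function compileRoute(id) {
  const matchers = [];
  const parts = id.split('/').filter(Boolean).map((seg) => {
    const m = /^\[([a-z_]\w*)(?:=(\w+))?\]$/i.exec(seg);
    if (m) { matchers.push(m[2] ?? null); return '([^/]+)'; }
    if (/[\[\]()]/.test(seg)) throw new Error(`unsupported segment: ${seg}`);
    return escapeRe(seg);
  });
  return { id, re: new RegExp(`^/${parts.join('/')}/?$`), matchers };
}

const COMPILED = ROUTE_IDS.map(compileRoute);

// Returns { route, path } for an allowed same-origin path, or null. Redirect to `path`, never to the raw input.
function matchRedirectPath(input, base = '/app') {
  if (typeof input !== 'string' || input.length > 512) return null;
  // Strict by design: no scheme, no "//host", no backslashes, no encoding, no query or fragment.
  if (/[\\\s%?#]|:\/\/|^\/\/|[\x00-\x1f]/.test(input)) return null;
  const path = input.startsWith('/') ? input : `${base}/${input}`;
  if (path.split('/').some((s) => s === '.' || s === '..')) return null;
  for (const { id, re, matchers } of COMPILED) {
    const m = re.exec(path);
    if (!m) continue;
    const ok = matchers.every((name, i) => {
      if (name === null) return true;
      const fn = MATCHERS[name];
      return typeof fn === 'function' && fn(m[i + 1]); // unknown matcher name fails closed
    });
    if (ok) return { route: id, path };
  }
  return null;
}
```
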