CartService.safeRedirect() method
Safely redirects to a URL with XSS protection. Validates that the URL is a relative path before redirecting, to prevent security vulnerabilities.
Security features:

- Only allows relative URLs starting with /
- Blocks protocol-relative URLs (//evil.com)
- Blocks javascript:, data:, and other protocol handlers
- Blocks absolute URLs to external sites

Signature:
```typescript
protected safeRedirect(url: string): void;
```
Parameters
| Parameter | Type | Description |
|---|---|---|
| url | string | URL to redirect to (must be relative path starting with /) |

Returns:
void
Example
```typescript
// Valid redirects
this.safeRedirect('/cart');
this.safeRedirect('/en/cart');
this.safeRedirect('/cart?source=widget');

// Invalid redirects (will be blocked and logged)
this.safeRedirect('javascript:alert(1)'); // ❌ Protocol handler
this.safeRedirect('//evil.com'); // ❌ Protocol-relative
this.safeRedirect('https://evil.com'); // ❌ Absolute URL
```
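
The checks listed under Security features, written out as a stand-alone validator. This is an added example, not the CartService implementation: `isSafeRelativePath`, `redirectOrBlock` and the `https://shop.example` base are assumed names and values. It goes beyond the cases listed above by also rejecting backslash and control-character inputs, which URL parsers normalise into `//host`.

```typescript
// Added example (not the widget's own code). isSafeRelativePath, redirectOrBlock
// and BASE are hypothetical names; BASE is a constructed placeholder origin.
const BASE = "https://shop.example";

function isSafeRelativePath(url: unknown): url is string {
  if (typeof url !== "string" || url.length === 0) return false;
  // Rule 1: must begin with "/". This alone rejects "javascript:", "data:",
  // "https://..." and anything with leading whitespace.
  if (url[0] !== "/") return false;
  // Rule 2: "//host" is protocol-relative. Browsers treat "\" like "/" in
  // http(s) URLs, so "/\host" must be rejected as well.
  if (url[1] === "/" || url[1] === "\\") return false;
  // Rule 3: URL parsers drop tab, CR and LF, so "/\t/host" would turn into
  // "//host" after parsing. Reject all ASCII control characters.
  if (/[\u0000-\u001f\u007f]/.test(url)) return false;
  // Cross-check with the platform parser: the resolved origin must not change.
  try {
    return new URL(url, BASE).origin === BASE;
  } catch {
    return false;
  }
}

// Navigates only when the target passes validation; otherwise logs and stops.
// navigate and log are injected so the check can be exercised without a browser.
function redirectOrBlock(
  url: unknown,
  navigate: (target: string) => void,
  log: (message: string) => void = console.warn,
): boolean {
  if (!isSafeRelativePath(url)) {
    // JSON.stringify escapes control characters so the log entry stays on one line.
    log(`Blocked unsafe redirect target: ${JSON.stringify(url)}`);
    return false;
  }
  navigate(url);
  return true;
}
```

In a browser, `navigate` would typically be `(target) => window.location.assign(target)`.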