Always use sanitized navigation utilities instead of directly manipulating window.location with potentially user-influenced data to prevent cross-site scripting (XSS) vulnerabilities. User-provided values can contain malicious scripts that execute when inserted into navigation contexts.
Bad:
window.location.assign(this.newPath); // Dangerous if newPath contains user input
Good:
testableWindowLocation.assign(this.newPath); // Uses a wrapper that sanitizes inputs
Use wrapper functions or utilities that perform proper validation and sanitization of URLs before navigation. This approach not only improves security but also makes testing easier by providing a mockable interface for navigation operations.
Enter the URL of a public GitHub repository