import { useRouter } from 'next/router'
export function nextRouter() {
const router = useRouter();
return (
{
router.push(router.query.foobar) // $ Alert
}}>Click to XSS 1
{
router.replace(router.query.foobar) // $ Alert
}}>Click to XSS 2
{
router.push('/?foobar=' + router.query.foobar)
}}>Safe Link
)
}
import { withRouter } from 'next/router'
function Page({ router }) {
return router.push(router.query.foobar)}>Click to XSS 3 // $ Alert
}
export const pageWithRouter = withRouter(Page);
import { myUseRouter } from './react-use-router-lib';
export function nextRouterWithLib() {
const router = myUseRouter()
return (
{
router.push(router.query.foobar) // $ Alert
}}>Click to XSS 1
)
}