fix: redirect param (#601)

Author: Cahllagerfeld

src/components/survey/SuccessStep.tsx

@@ -1,9 +1,10 @@
-import { Box, Button } from "@zenml-io/react-component-library";
+import ArrowRight from "@/assets/icons/arrow-right.svg?react";
 import CheckCircle from "@/assets/icons/check-circle.svg?react";
-import { Link, useSearchParams } from "react-router-dom";
+import { urlSchema } from "@/lib/url";
 import { routes } from "@/router/routes";
+import { Box, Button } from "@zenml-io/react-component-library";
 import { ReactNode } from "react";
-import ArrowRight from "@/assets/icons/arrow-right.svg?react";
+import { Link, useSearchParams } from "react-router-dom";
 
 type Props = {
 	username: string;
@@ -15,6 +16,8 @@ export function SuccessStep({ username, subHeader, displayBody = true }: Props)
 	const [params] = useSearchParams();
 
 	const redirect = params.get("redirect");
+	const sanitizedRedirect = redirect && `${window.location.origin}${redirect}`;
+	const isUrl = urlSchema.safeParse(sanitizedRedirect);
 
 	return (
 		<Box className="flex max-w-[540px] flex-col items-center justify-center space-y-7 px-7 py-9">
@@ -34,7 +37,7 @@ export function SuccessStep({ username, subHeader, displayBody = true }: Props)
 					</p>
 				)}
 				<Button className="inline-flex" size="md" intent="primary" asChild>
-					<Link to={redirect || routes.home}>
+					<Link to={isUrl.success ? isUrl.data : routes.home}>
 						<span>Go to Dashboard</span>
 						<ArrowRight className="h-5 w-5 fill-white" />
 					</Link>

src/lib/url.ts

@@ -1,3 +1,5 @@
+import { z } from "zod";
+
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 export function objectToSearchParams(object: Record<string, any>) {
 	return new URLSearchParams(
@@ -28,3 +30,5 @@ function _sanitizeUrl(url: string): string {
 export function sanitizeUrl(url = "about:blank"): string {
 	return _sanitizeUrl(String(url).trim());
 }
+
+export const urlSchema = z.string().url();