diff --git a/frontend/src/pages/login.tsx b/frontend/src/pages/login.tsx
index 12c3c7a..4f2bd5b 100644
--- a/frontend/src/pages/login.tsx
+++ b/frontend/src/pages/login.tsx
@@ -1,13 +1,11 @@
import { Icon } from "@iconify/react";
import { useStore } from "@nanostores/react";
-import { Link, useNavigate } from "react-router";
+import { Link, Navigate } from "react-router";
import { session } from "../session";
export default function LoginPage() {
- const navigate = useNavigate();
const $session = useStore(session);
-
- if ($session) navigate("/");
+ if ($session) return ;
const API_URL = import.meta.env.VITE_API_URL;
diff --git a/frontend/src/pages/out.tsx b/frontend/src/pages/out.tsx
index 16f85dc..f8004dd 100644
--- a/frontend/src/pages/out.tsx
+++ b/frontend/src/pages/out.tsx
@@ -6,20 +6,29 @@ export default function LinkOutPage() {
const [searchParams] = useSearchParams();
const url = searchParams.get("url");
- if (!url || Array.isArray(url)) navigate("/");
+ if (!url) {
+ navigate("/");
+ return null;
+ }
let parsed: URL;
try {
parsed = new URL(url);
} catch {
navigate("/"); // redirect if URL is invalid
+ return null;
}
- // Next.js doesn't allow attacks like these but you can never be too safe
- if (!["http:", "https:"].includes(parsed.protocol)) navigate("/");
+ if (!["http:", "https:"].includes(parsed.protocol)) {
+ navigate("/");
+ return null;
+ }
const isSafe = Array.from(SAFE_LINKS).some((domain) => parsed.hostname === domain || parsed.hostname.endsWith(`.${domain}`));
- if (isSafe) navigate(url);
+ if (isSafe) {
+ navigate(url);
+ return null;
+ }
return (
diff --git a/frontend/src/pages/submit.tsx b/frontend/src/pages/submit.tsx
index 95926ab..170e1b7 100644
--- a/frontend/src/pages/submit.tsx
+++ b/frontend/src/pages/submit.tsx
@@ -1,12 +1,10 @@
import { useStore } from "@nanostores/react";
import SubmitForm from "../components/submit-form";
import { session } from "../session";
-import { useNavigate } from "react-router";
+import { Navigate } from "react-router";
export default function SubmitPage() {
- const navigate = useNavigate();
const $session = useStore(session);
-
- if (!$session) navigate("/login");
+ if (!$session) return ;
return ;
}