Skip to content

escape Location header with JSON.stringify#2132

Open
atilafassina wants to merge 2 commits intomainfrom
sanitize-location-header
Open

escape Location header with JSON.stringify#2132
atilafassina wants to merge 2 commits intomainfrom
sanitize-location-header

Conversation

@atilafassina
Copy link
Copy Markdown
Member

@atilafassina atilafassina commented Apr 8, 2026

No description provided.

@atilafassina atilafassina self-assigned this Apr 8, 2026
Copilot AI review requested due to automatic review settings April 8, 2026 11:41
@netlify
Copy link
Copy Markdown

netlify bot commented Apr 8, 2026
edited
Loading

Deploy Preview for solid-start-landing-page ready!

Name Link
🔨 Latest commit 4f8000e
🔍 Latest deploy log https://app.netlify.com/projects/solid-start-landing-page/deploys/69d640468849820008a280d4
😎 Deploy Preview https://deploy-preview-2132--solid-start-landing-page.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Apr 8, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 4f8000e

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@atilafassina atilafassina enabled auto-merge (squash) April 8, 2026 11:42
@pkg-pr-new
Copy link
Copy Markdown

pkg-pr-new bot commented Apr 8, 2026
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/solidjs/solid-start/@solidjs/start@2132

npm i https://pkg.pr.new/solidjs/solid-start/@solidjs/vite-plugin-nitro-2@2132

commit: 4f8000e

Copilot AI reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the streamed “complete redirect” handling to escape the Location header value when embedding it into an inline <script> redirect, aiming to reduce script injection risk during SSR streaming redirects.

Changes:

  • Serialize the Location header value using JSON.stringify before writing it into the inline redirect script.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@atilafassina atilafassina force-pushed the sanitize-location-header branch from 808177e to d4fd44f Compare April 8, 2026 11:46
@solidjs solidjs deleted a comment from Copilot AI Apr 8, 2026
@atilafassina atilafassina requested a review from Copilot April 8, 2026 11:48
Copilot AI reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@atilafassina atilafassina

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@atilafassina