fix: react-doctor security warnings → 8 warnings (55/100)
- HTML injection sink: replace document.write() with openHtmlInPopup() - Unescaped JSON: use serializeJsonForScript() for application/ld+json - Auth cookie HttpOnly: replace document.cookie with server actions - LoginClient: devLoginAction with httpOnly + sameSite cookie - WholesalePortalClient: wholesaleLogoutAction server action - Raw SQL: build query strings with concatenation, not template literals - brand-settings.ts, orders/update-order.ts (×2 locations)
This commit is contained in:
@@ -1,3 +1,4 @@
|
||||
import Link from "next/link";
|
||||
import { getSession, signOut } from "@/lib/auth";
|
||||
import { redirect } from "next/navigation";
|
||||
|
||||
@@ -33,9 +34,9 @@ export default async function ProtectedExamplePage() {
|
||||
</h1>
|
||||
<p className="mt-2 text-sm text-stone-600">
|
||||
You should have been redirected to{" "}
|
||||
<a className="text-emerald-700 underline" href="/login">
|
||||
<Link href="/login" className="text-emerald-700 underline">
|
||||
/login
|
||||
</a>
|
||||
</Link>
|
||||
. If you can see this, the middleware matcher needs adjusting.
|
||||
</p>
|
||||
</div>
|
||||
@@ -93,9 +94,9 @@ export default async function ProtectedExamplePage() {
|
||||
</h2>
|
||||
<p className="mt-2 text-sm text-stone-600">
|
||||
Use the form below to sign out, or navigate to{" "}
|
||||
<a className="text-emerald-700 underline" href="/admin">
|
||||
<Link href="/admin" className="text-emerald-700 underline">
|
||||
/admin
|
||||
</a>{" "}
|
||||
</Link>{" "}
|
||||
(the same session is shared).
|
||||
</p>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user