# Next.js Open Redirect

- ID: javascript-nextjs-open-redirect
- Severity: MEDIUM
- CWE: Open Redirect (CWE-601)
- Languages: JavaScript, TypeScript
- Frameworks: nextjs

## Description

Detects user-controlled input flowing into redirect targets in Next.js middleware.

## Detection Message

User input from {source} controls redirect target at {sink}. This allows attackers to redirect users to malicious sites.

## Remediation

Validate redirect targets against an allowlist of permitted paths.

```typescript
import { NextRequest, NextResponse } from 'next/server';

// Only these exact paths may be used as a redirect target.
const ALLOWED_PATHS = ['/login', '/dashboard', '/profile'];

export function middleware(request: NextRequest) {
  const redirect = request.nextUrl.searchParams.get('redirect');
  if (redirect && ALLOWED_PATHS.includes(redirect)) {
    return NextResponse.redirect(new URL(redirect, request.url));
  }
  // Anything not on the allowlist falls back to the site root.
  return NextResponse.redirect(new URL('/', request.url));
}
```

Learn more: https://shoulder.dev/learn/javascript/cwe-601/nextjs-open-redirect

## Related Rules

- **Open Redirect** [MEDIUM]:
- **Open Redirect via Untrusted URLs** [MEDIUM]:
- **Open Redirect** [MEDIUM]:
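The allowlist check from the remediation, isolated from Next.js so it can be exercised directly, as an added example that is not part of the rule page. `resolveRedirect` and `naiveResolve` are hypothetical helpers; the second one shows why a weaker "starts with a slash" check still lets the `{sink}` resolve to another host, since `new URL()` treats a protocol-relative value such as `//evil.example` as an absolute URL.

```typescript
// Added example, not the rule page's own code. Framework-free so it runs
// under plain Node: the middleware would pass request.url as requestUrl and
// hand the returned string to NextResponse.redirect().

// Mirrors the allowlist from the remediation snippet.
const ALLOWED_PATHS = ['/login', '/dashboard', '/profile'];
const FALLBACK_PATH = '/';

// Safe version: only an exact allowlist match is honoured. Everything else
// (absent, absolute URL, protocol-relative, unknown path) becomes '/'.
// The chosen path is resolved against the request URL, exactly as
// NextResponse.redirect(new URL(path, request.url)) would do.
export function resolveRedirect(raw: string | null, requestUrl: string): string {
  const path = raw !== null && ALLOWED_PATHS.includes(raw) ? raw : FALLBACK_PATH;
  return new URL(path, requestUrl).toString();
}

// Weak version for comparison: accepting any value that begins with '/'.
// The WHATWG URL parser reads '//host/...' as a new authority, so the
// redirect leaves the site even though the input "looked" like a path.
export function naiveResolve(raw: string | null, requestUrl: string): string {
  const path = raw !== null && raw.startsWith('/') ? raw : FALLBACK_PATH;
  return new URL(path, requestUrl).toString();
}

// Convenience check a test or log-review script can use: does the final
// redirect stay on the request's own origin?
export function staysOnOrigin(target: string, requestUrl: string): boolean {
  return new URL(target).origin === new URL(requestUrl).origin;
}
```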