diff --git a/core/src/core-api/routing.js b/core/src/core-api/routing.js
index c21aa13a9b..3376f77abc 100644
--- a/core/src/core-api/routing.js
+++ b/core/src/core-api/routing.js
@@ -56,7 +56,7 @@ class LuigiRouting {
RoutingHelpers.modifySearchParams(params, url.searchParams);
}
- this.handleBrowserHistory(keepBrowserHistory, url.href);
+ this.handleBrowserHistory(keepBrowserHistory, url);
LuigiConfig.configChanged();
}
@@ -74,11 +74,22 @@ class LuigiRouting {
RoutingHelpers.modifySearchParams(params, url.searchParams, paramPrefix);
}
- this.handleBrowserHistory(keepBrowserHistory, url.href);
+ this.handleBrowserHistory(keepBrowserHistory, url);
LuigiConfig.configChanged();
}
- handleBrowserHistory(keepBrowserHistory, href) {
+ sanitizeUrl(url) {
+ return new URL(location).origin === new URL(url).origin ? url : undefined;
+ }
+
+ handleBrowserHistory(keepBrowserHistory, url) {
+ const href = this.sanitizeUrl(url.href);
+
+ if (!href) {
+ console.warn('invalid url: ' + href);
+ return;
+ }
+
if (keepBrowserHistory) {
window.history.pushState({}, '', href);
} else {
@@ -90,7 +101,7 @@ class LuigiRouting {
const { hash } = new URL(location);
const useHashRouting = LuigiConfig.getConfigValue('routing.useHashRouting');
- return (useHashRouting && hash.split('#').length === 2) ? '' : hash.split('#').pop();
+ return useHashRouting && hash.split('#').length === 2 ? '' : hash.split('#').pop();
}
setAnchor(value) {
diff --git a/website/fiddle/public/examples/microfrontends/multipurpose.html b/website/fiddle/public/examples/microfrontends/multipurpose.html
index 85525efa3a..038329dd1a 100644
--- a/website/fiddle/public/examples/microfrontends/multipurpose.html
+++ b/website/fiddle/public/examples/microfrontends/multipurpose.html
@@ -51,7 +51,7 @@ Multi purpose demo page
} else {
document.body.style.display = 'block';
document.getElementById('title').innerHTML = route
- ? `${route.replace('#/', '')}
`
+ ? `${encodeURIComponent(route.replace('#/', ''))}
`
: '';
}
}