Why window.open(someURL) throwing open redirects security vurnerability in React?

This is my code
window.open( ${process.env.REACT_APP_APACHE_SUPERSET_URL}/superset/sqllab/, "_blank" )

Solution

The vulnerability is not only for React.JS but also it's dangerous for other frameworks when using it. The vulnerability can be explained as it occurs when an application allows a user to control a redirect or forward to another URL. If the app does not validate untrusted user input, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker’s phishing site.

Unhandled Runtime Error TypeError: Cannot read properties of undefined (reading 'toString') Apexcharts React
Uncaught Error: Rendered fewer hooks than expected. This may be caused by an accidental early return statement in React Hooks
Need to store JSX in React state
Input regex for UK postcodes constantly invalid
React hooks using recharts AreaChart Console Warning
Tailwind error when installing shadcn in Vite React App
Can Shadcn ui be installed for Vite + React with javascript and not typescript?
How can I control dagre layout to position nodes in a top-to-bottom tree with True branches on the left and False branches on the right?
React-Toastify is not displaying properly
React-query setQueryData not re-rendering component
State is not updated in StrictMode
Check if React component is empty or has no child component
How to utilise useContext within a seperate function - ReactJS
Relative Routing in Next JS
useSpring weird behaviour when undoing transform back to zero
Is it bad practice to make useEffect respond to an user action like this?
NextJS Middleware causing "localhost redirected you too many times" error
Spreading props with conditional props after omitting
React Native: What is the use of SafeAreaProvider
Module not found: Can't resolve 'swiper/react'
useSearchParams() causes 500 error when page is client side
React Native Ios Error - ENOENT: no such file or directory, uv_cwd (null))
How to run npm start without opening browser for react development on linux
Programmatically open Tooltip in Material-UI
Why is the Payload Null in My Redux Action?
How to assign refs created from useRef to child components in React Typescript?
Cors and React with no local server
What is the reason ESlint doesn't work in VS Code
react-select: How do I resolve “Warning: Prop `id` did not match”
error TS2314: Generic type 'Component<P, S>' requires 2 type argument(s)