NO_ASSIGN_WINDOW_LOCATION
Prevent unsafe assignment to window.location.href in your application.
Conformance is available on Enterprise plans
Avoid direct assignments to "window.location.href" or "window.location": when the value assigned to the "href" comes from input that has not been sanitized, the assignment can enable XSS attacks.
The recommended approach for Next.js applications is to use a custom redirectTo function. This provides a clear way to use router.push() or window.location.href to provide an experience that is best for the user (client-side navigation only, or a full page refresh).
Here's an example of how you might do this using Next.js:
Before:
my-site.js
window.location.href = '/login';
After:
my-site.js
// router is the object returned by useRouter() inside a Next.js component
router.push('/login');
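One way to write the redirectTo function described above, as an added example that is not code from the original page or from Next.js. The helper name resolveSafePath, the options object and the fallback path are assumptions; the router and location objects are passed in so the function can be exercised outside a browser.

```javascript
// Added example: hypothetical redirectTo helper (names and options are assumptions).
const SAFE_PROTOCOLS = new Set(['http:', 'https:']);

// Resolve `target` against the current origin and return a same-origin
// path (pathname + query + hash), or null when it must not be navigated to.
function resolveSafePath(target, origin) {
  if (typeof target !== 'string') return null;
  let url;
  try {
    url = new URL(target, origin);
  } catch {
    return null; // unparseable input is rejected, never passed through
  }
  // Script-bearing schemes such as javascript: or data: are refused.
  if (!SAFE_PROTOCOLS.has(url.protocol)) return null;
  // Off-site targets are refused, including protocol-relative "//host"
  // and the "/\host" form that URL parsers normalise to "//host".
  if (url.origin !== origin) return null;
  return url.pathname + url.search + url.hash;
}

// Single entry point for navigation: validates first, then chooses
// client-side navigation (router.push) or a full page refresh.
function redirectTo(target, { router, location, fullReload = false, fallback = '/' }) {
  const path = resolveSafePath(target, location.origin) ?? fallback;
  if (fullReload) {
    location.href = path; // the only assignment, and only with a validated path
  } else {
    router.push(path);
  }
  return path;
}
```

In a component this would be called as redirectTo(next, { router: useRouter(), location: window.location }), where next is the untrusted destination.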
Last updated on March 4, 2025