Update site redirect regex for validation (#3216)

taranvohra · web-flow · commit 3f292065cd4a · 2025-05-07T12:42:28.000+05:30
diff --git a/.changeset/tidy-rings-talk.md b/.changeset/tidy-rings-talk.md
@@ -0,0 +1,6 @@
+---
+"gitbook": patch
+"gitbook-v2": patch
+---
+
+Update the regex for validating site redirect
diff --git a/packages/gitbook/src/components/SitePage/fetch.ts b/packages/gitbook/src/components/SitePage/fetch.ts
@@ -69,7 +69,11 @@ async function resolvePage(context: GitBookSiteContext, params: PagePathParams |
 
         // If a page still can't be found, we try with the API, in case we have a redirect at site level.
         const redirectPathname = withLeadingSlash(rawPathname);
-        if (/^\/[a-zA-Z0-9-_.\/]+[a-zA-Z0-9-_.]$/.test(redirectPathname)) {
+        if (
+            /^\/(?:[A-Za-z0-9\-._~]|%[0-9A-Fa-f]{2})+(?:\/(?:[A-Za-z0-9\-._~]|%[0-9A-Fa-f]{2})+)*$/.test(
+                redirectPathname
+            )
+        ) {
             const redirectSources = new Set<string>([
                 // Test the pathname relative to the root
                 // For example hello/world -> section/variant/hello/world
diff --git a/packages/gitbook/src/lib/api.ts b/packages/gitbook/src/lib/api.ts
@@ -765,7 +765,12 @@ export const getComputedDocument = cache({
  * Mimic the validation done on source server-side to reduce API usage.
  */
 function validateSiteRedirectSource(source: string) {
-    return source.length <= 512 && /^\/[a-zA-Z0-9-_.\\/]+[a-zA-Z0-9-_.]$/.test(source);
+    return (
+        source.length <= 512 &&
+        /^\/(?:[A-Za-z0-9\-._~]|%[0-9A-Fa-f]{2})+(?:\/(?:[A-Za-z0-9\-._~]|%[0-9A-Fa-f]{2})+)*$/.test(
+            source
+        )
+    );
 }
 
 /**
