daniel-teuchert-sonarsource 58f256f85c
Modify rule S5146: Add fix for Blazor (APPSEC-1905) (#4128)
Co-authored-by: Thomas Serre <118730793+thomas-serre-sonarsource@users.noreply.github.com>
2024-09-02 14:56:08 +02:00

== How to fix it in Blazor

=== Code examples

include::../../common/fix/code-rationale.adoc[]

==== Noncompliant code example

[source,csharp,diff-id=2,diff-type=noncompliant]
----
@page "/"
@inject NavigationManager Navigation

@code {
    [SupplyParameterFromQuery]
    private String url { get; set; }

    protected override void OnInitialized() {
        Navigation.NavigateTo(url);
    }
}
----
==== Compliant solution
[source,csharp,diff-id=2,diff-type=compliant]
----
@page "/"
@inject NavigationManager Navigation

@code {
    [SupplyParameterFromQuery]
    private String url { get; set; }

    private readonly string[] allowedUrls = { "/", "/login", "/logout" };

    protected override void OnInitialized() {
        if (allowedUrls.Contains(url))
        {
            Navigation.NavigateTo(url);
        }
    }
}
----
include::../../common/fix/how-does-this-work.adoc[]

=== Pitfalls

include::../../common/pitfalls/starts-with.adoc[]
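
The following is an added example, not part of the rule's own code. It goes beyond the compliant solution by also handling absolute URLs, comparing the parsed scheme and host instead of using a `StartsWith` prefix check. `RedirectGuard`, `ResolveTarget` and the host `example.com` are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example; RedirectGuard and ResolveTarget are hypothetical names.
public static class RedirectGuard
{
    // Exact-match allow-list of local pages, as in the compliant solution.
    private static readonly HashSet<string> AllowedPaths =
        new(StringComparer.Ordinal) { "/", "/login", "/logout" };

    // Constructed sample value: the only external host redirects may reach.
    private static readonly HashSet<string> AllowedHosts =
        new(StringComparer.OrdinalIgnoreCase) { "example.com" };

    public static string ResolveTarget(string url, string fallback = "/")
    {
        // Missing query parameter: stay on a known page.
        if (string.IsNullOrEmpty(url)) return fallback;

        if (AllowedPaths.Contains(url)) return url;

        // Absolute URL: compare the parsed scheme and host. A check such as
        // url.StartsWith("https://example.com") would also accept
        // "https://example.com.other.test/".
        if (Uri.TryCreate(url, UriKind.Absolute, out var uri)
            && uri.Scheme == Uri.UriSchemeHttps
            && AllowedHosts.Contains(uri.Host))
        {
            return uri.AbsoluteUri;
        }

        return fallback;
    }

    public static void Main()
    {
        // Constructed inputs covering accepted and rejected cases.
        string[] samples =
        {
            "/login", "/admin", "//other.test/", "",
            "https://example.com/account",
            "https://example.com.other.test/",
            "https://example.com@other.test/",
            "http://example.com/",
        };
        foreach (string s in samples)
            Console.WriteLine($"'{s}' -> {ResolveTarget(s)}");
    }
}
```

In the component, the call becomes `Navigation.NavigateTo(RedirectGuard.ResolveTarget(url));`, so a rejected value falls back to `/` instead of leaving the page without navigation.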