=== How does this work?

Most client-side frameworks, such as `Vue.js` or `React.js`, provide built-in redirection methods. Those should be preferred as they often provide additional security mechanisms. However, these built-in methods are usually engineered for internal page redirections. Thus, they might not solve the reader's use case.

In case the application strictly requires external redirections based on user-controllable data, the following should be done instead:

1. Validating the `authority` part of the URL against a statically defined value (see Pitfalls.)
2. Using an allowlist approach in case the destination URLs are multiple but limited.
3. Adding a dynamic confirmation dialog, warning about the imminent action and requiring manual authorization to proceed to the actual redirection.