fix: Sanitize PE redirect locations for ByteString safety (#602)

Fixes EPICSHOP-F2: sanitize PE redirects

Co-authored-by: Cursor Agent <cursoragent@cursor.com>

Author: kentcdodds

packages/workshop-app/app/utils/pe.tsx

@@ -30,13 +30,13 @@ export function ensureProgressiveEnhancement(
 ) {
 	const redirectTo = formData.get(PE_REDIRECT_INPUT_NAME)
 	if (typeof redirectTo === 'string') {
-		throw redirect(safeRedirect(redirectTo), responseInit?.())
+		throw redirect(toRedirectLocation(redirectTo), responseInit?.())
 	}
 
 	// if request does not accept application/json, it means JS hasn't hydrated yet
 	if (!acceptsJson(request)) {
 		const redirectToReferrer = request.headers.get('Referer') ?? '/'
-		throw redirect(safeRedirect(redirectToReferrer), responseInit?.())
+		throw redirect(toRedirectLocation(redirectToReferrer), responseInit?.())
 	}
 }
 
@@ -50,6 +50,19 @@ function acceptsJson(request: Request) {
 	)
 }
 
+function toRedirectLocation(redirectTo: string, fallback = '/') {
+	const safe = safeRedirect(redirectTo, fallback)
+	try {
+		return encodeURI(decodeURI(safe))
+	} catch {
+		try {
+			return encodeURI(safe)
+		} catch {
+			return fallback
+		}
+	}
+}
+
 export function dataWithPE<Data>(
 	request: Request,
 	formData: FormData,