From f27a75c3c55ed91e5604f2e6bcd45e23648f853a Mon Sep 17 00:00:00 2001
From: Dhritimann
Date: Tue, 13 Jan 2026 23:47:39 +0530
Subject: [PATCH] fix: throw error for invalid redirect location
---
 lib/response.js | 4 ++++
 test/res.redirect.js | 12 ++++++++++++
 2 files changed, 16 insertions(+)
diff --git a/lib/response.js b/lib/response.js
index 7a2f0ecce56..d2b4d641948 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -839,6 +839,10 @@ res.redirect = function redirect(url) {
 deprecate('Status must be a number');
 }
+ if (typeof address !== 'string' || address.length === 0) {
+ throw new TypeError('Redirect location must be a non-empty string');
+}
+
 // Set location header
 address = this.location(address).get('Location');
diff --git a/test/res.redirect.js b/test/res.redirect.js
index 264e0f2b8f3..f9a45cb08fd 100644
--- a/test/res.redirect.js
+++ b/test/res.redirect.js
@@ -31,6 +31,18 @@ describe('res', function(){
 .expect('Location', 'https://google.com?q=%E2%98%83%20%C2%A710')
 .expect(302, done)
 })
+ it('should throw error for undefined redirect location', function () {
+ var app = express();
+
+ app.use(function (req, res) {
+ res.redirect(undefined);
+ });
+
+ request(app)
+ .get('/')
+ .expect(500);
+});
+
 it('should not touch already-encoded sequences in "url"', function (done) {
 var app = express()
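Review bot: The guard added to `res.redirect` checks only that `address` is a non-empty string, so a whitespace-only value or any absolute URL taken from request data still passes; it should not be read as validation of the redirect target. A comment above it would make that boundary explicit, for example `// Type/emptiness check only: callers must still validate request-derived targets (e.g. against an allow-list)`. The throw also turns a call that the visible context handles with `deprecate(...)` warnings into a hard failure, so a handler that passes an unvalidated, non-string request value would now presumably answer 500 instead of warning; that behaviour change deserves a line in the commit message or changelog. The closing `}` of the new `if` appears to sit at column 0 while the lines around it are indented. The function begins and ends outside this hunk, so how earlier argument checks interact with the new throw cannot be confirmed from here.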
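Review bot: The added test in `test/res.redirect.js` never waits for the request: its callback takes no `done`, and the supertest chain ends in `.expect(500);` without being returned or given a callback, so the assertion is never awaited and the test passes regardless of what `res.redirect(undefined)` does. The test just above it ends with `.expect(302, done)`; the same shape works here, with `function (done) {` on the `it(...)` line and `.expect(500, done);` as the last call. Only `undefined` is exercised, so the empty-string and non-string-object branches of the new guard (for example `''` or an array) have no coverage. The closing `});` also appears to be at column 0, unlike the neighbouring tests, and the hunk ends inside the following test.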