Yea please feel free to elaborate… I understand the problem as this would bring the user to an undefined page resulting in a 404. But also no actual words are going to look like that, so should you expect much else than a “broken” page when a user submits bogus data on purpose? What do you think should be the expected behavior for a user? It may be something I can append to the end of this series

@@codebreakthrough If you are going to put an arbitrary string into a URL, particularly when it is arbitrary input from the user, you must encode the value using encodeURIComponent, which will escape things like spaces, /. +, ?, and several other things that will confuse a URL parser. The URL will be decoded for you in routing, so you will get the decoded value back when you read the placeholder, safely carrying the problematic characters. it should be navigate('/definition/' + encodeURIComponent(word)); I expect my ridiculous example from the previous comment to look up the definition of that word containing slashes and question mark and stuff. What I don't expect is a bobby-tables-like URL separator injection vulnerability. I hope you consider this criticism constructive. I think you are a really good teacher.

What?