How to prevent XSS while creating a redirect path using [removed].replace()?

Question

I have used window.location.replace() for redirection based on user\'s input. From a security review, this has been flagged as vulnerable to DOM based XSS. I am a newbie and