mirror of https://github.com/logto-io/logto.git synced 2025-03-24 22:41:28 -05:00

fix(ui): protect window.location xss (#1639)

protect window.location xss
simeng-li 2022-07-21 15:58:20 +08:00 committed by GitHub
parent 69b1b85c80
commit 34b465c7d8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 3 deletions


@ -30,7 +30,7 @@ const useSocialLandingHandler = () => {
storeCallbackLink(connectorId, nativeCallbackLink);
}
window.location.replace(redirectUri);
window.location.replace(new URL(redirectUri));
},
[search, setToast, t]
);
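Review bot: `new URL(redirectUri)` in the changed `window.location.replace` call only verifies that the value parses as an absolute URL; it does not restrict the scheme, so a `javascript:` or `data:` value would still be handed to the navigation. If `redirectUri` can be influenced by the query string (the `search` dependency suggests it may be, but its origin is outside this hunk), the protocol should be checked before navigating, rejecting or surfacing an error otherwise: `const target = new URL(redirectUri);` `if (target.protocol !== 'https:' && target.protocol !== 'http:') { return; }` `window.location.replace(target);`. `new URL` also throws a `TypeError` on relative or malformed input, and the enclosing callback starts outside the hunk, so it is not visible whether that is caught and reported through `setToast`. The accompanying test only exercises an `http://` value; a case asserting that a non-HTTP scheme is not navigated to would pin the intended protection.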


@ -13,7 +13,7 @@ describe(`SocialLanding Page`, () => {
const replace = jest.fn();
it('Should set session storage and redirect', async () => {
const callbackLink = 'logto:logto.android.com';
const redirectUri = 'www.github.com';
const redirectUri = 'http://www.github.com';
/* eslint-disable @silverhand/fp/no-mutating-methods */
Object.defineProperty(window, 'location', {
@ -40,7 +40,7 @@ describe(`SocialLanding Page`, () => {
);
await waitFor(() => {
expect(replace).toBeCalledWith(redirectUri);
expect(replace).toBeCalledWith(new URL(redirectUri));
});
expect(getCallbackLinkFromStorage('github')).toBe(callbackLink);