barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-02-26 10:52:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: sanitize redirect URL

Browse Source
This commit is contained in:
Stavros
2025-05-14 20:08:04 +03:00
parent a4224e6771
commit 28eea8d40c
4 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
frontend/src/pages/continue-page.tsx
View File

@@ -11,6 +11,7 @@ import { useUserContext } from "@/context/user-context";
import { isValidUrl } from "@/lib/utils";
import { Trans, useTranslation } from "react-i18next";
import { Navigate, useNavigate } from "react-router";
import DOMPurify from "dompurify";
export const ContinuePage = () => {
const params = new URLSearchParams(window.location.search);
@@ -33,7 +34,7 @@ export const ContinuePage = () => {
}
if (disableContinue) {
window.location.href = redirectURI;
window.location.href = DOMPurify.sanitize(redirectURI);
}
const navigate = useNavigate();
@@ -60,7 +61,9 @@ export const ContinuePage = () => {
</CardHeader>
<CardFooter className="flex flex-col items-stretch gap-2">
<Button
onClick={() => (window.location.href = redirectURI)}
onClick={() =>
(window.location.href = DOMPurify.sanitize(redirectURI))
}
variant="destructive"
>
{t("continueTitle")}
@@ -92,7 +95,9 @@ export const ContinuePage = () => {
</CardHeader>
<CardFooter className="flex flex-col items-stretch gap-2">
<Button
onClick={() => (window.location.href = redirectURI)}
onClick={() =>
(window.location.href = DOMPurify.sanitize(redirectURI))
}
variant="warning"
>
{t("continueTitle")}
@@ -112,7 +117,11 @@ export const ContinuePage = () => {
<CardDescription>{t("continueSubtitle")}</CardDescription>
</CardHeader>
<CardFooter className="flex flex-col items-stretch">
<Button onClick={() => (window.location.href = redirectURI)}>
<Button
onClick={() =>
(window.location.href = DOMPurify.sanitize(redirectURI))
}
>
{t("continueTitle")}
</Button>
</CardFooter>

2
frontend/src/schemas/app-context-schema.ts
View File

@@ -7,7 +7,7 @@ export const appContextSchema = z.object({
genericName: z.string(),
domain: z.string(),
forgotPasswordMessage: z.string(),
// oauthAutoRedirect: z.string(),
oauthAutoRedirect: z.string(),
backgroundImage: z.string(),
})