Ryan/documenso
1
0
Fork 1
mirror of https://github.com/documenso/documenso.git synced 2025-11-13 08:13:56 +10:00
Code Issues Packages Projects Releases Wiki Activity

test

Browse Source
This commit is contained in:
Timur Ercan
2023-01-14 16:41:53 +01:00
parent 1a2ec58f3c
commit 39503b4ad7
1 changed files with 20 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
packages/lib/getSafeRedirectUrl.ts
View File

@ -1,26 +1,24 @@
// // import { CONSOLE_URL, WEBAPP_URL, WEBSITE_URL } from "@calcom/lib/constants";
// It ensures that redirection URL safe where it is accepted through a query params or other means where user can change it.
export const getSafeRedirectUrl = (url = "") => {
if (!url) {
return null;
}
// // It ensures that redirection URL safe where it is accepted through a query params or other means where user can change it.
// export const getSafeRedirectUrl = (url = "") => {
// if (!url) {
// return null;
// }
//It is important that this fn is given absolute URL because urls that don't start with HTTP can still deceive browser into redirecting to another domain
if (url.search(/^https?:\/\//) === -1) {
throw new Error("Pass an absolute URL");
}
// //It is important that this fn is given absolute URL because urls that don't start with HTTP can still deceive browser into redirecting to another domain
// if (url.search(/^https?:\/\//) === -1) {
// throw new Error("Pass an absolute URL");
// }
const urlParsed = new URL(url);
// const urlParsed = new URL(url);
// Avoid open redirection security vulnerability
if (
!["CONSOLE_URL", "WEBAPP_URL", "WEBSITE_URL"].some(
(u) => new URL(u).origin === urlParsed.origin
)
) {
url = `${"WEBAPP_URL"}/`;
}
// // Avoid open redirection security vulnerability
// if (
// ![CONSOLE_URL, WEBAPP_URL, WEBSITE_URL].some(
// (u) => new URL(u).origin === urlParsed.origin
// )
// ) {
// url = `${WEBAPP_URL}/`;
// }
// return url;
// };
return url;
};