Merge commit from fork
Co-authored-by: Sabe Jones <[email protected]>
SabreCat and SabreCat committed Sep 11, 2024
1 parent 80068a3 commit 946ade5
Showing 5 changed files with 23 additions and 15 deletions.
6 changes: 0 additions & 6 deletions website/client/package-lock.json


1 change: 0 additions & 1 deletion website/client/package.json
Expand Up @@ -25,7 +25,6 @@
"bootstrap": "^4.6.0",
"bootstrap-vue": "^2.23.1",
"core-js": "^3.33.1",
"dompurify": "^3.0.3",
"eslint": "7.32.0",
"eslint-config-habitrpg": "6.2.0",
"eslint-plugin-mocha": "5.3.0",
9 changes: 2 additions & 7 deletions website/client/src/components/auth/registerLoginReset.vue
Expand Up @@ -608,17 +608,17 @@ import axios from 'axios';
import hello from 'hellojs';
import debounce from 'lodash/debounce';
import isEmail from 'validator/es/lib/isEmail';
import DOMPurify from 'dompurify';
import { MINIMUM_PASSWORD_LENGTH } from '@/../../common/script/constants';
import { buildAppleAuthUrl } from '../../libs/auth';
import sanitizeRedirect from '@/mixins/sanitizeRedirect';
import exclamation from '@/assets/svg/exclamation.svg';
import gryphon from '@/assets/svg/gryphon.svg';
import habiticaIcon from '@/assets/svg/logo-horizontal.svg';
import googleIcon from '@/assets/svg/google.svg';
import appleIcon from '@/assets/svg/apple_black.svg';
export default {
mixins: [sanitizeRedirect],
data () {
const data = {
username: '',
Expand Down Expand Up @@ -747,11 +747,6 @@ export default {
}
});
}, 500),
sanitizeRedirect (redirect) {
if (!redirect) return '/';
const sanitizedString = DOMPurify.sanitize(redirect).replace(/\\|\/\/|\./g, '');
return sanitizedString;
},
async register () {
// @TODO do not use alert
if (!this.email) {
6 changes: 5 additions & 1 deletion website/client/src/components/static/home.vue
Expand Up @@ -784,6 +784,7 @@ import debounce from 'lodash/debounce';
import isEmail from 'validator/es/lib/isEmail';
import { MINIMUM_PASSWORD_LENGTH } from '@/../../common/script/constants';
import { buildAppleAuthUrl } from '../../libs/auth';
import sanitizeRedirect from '@/mixins/sanitizeRedirect';
import googlePlay from '@/assets/images/home/google-play-badge.svg';
import iosAppStore from '@/assets/images/home/ios-app-store.svg';
import iphones from '@/assets/images/home/iphones.svg';
Expand All @@ -804,6 +805,7 @@ import makeuseof from '@/assets/images/home/make-use-of.svg';
import thenewyorktimes from '@/assets/images/home/the-new-york-times.svg';
export default {
mixins: [sanitizeRedirect],
data () {
return {
icons: Object.freeze({
Expand Down Expand Up @@ -923,7 +925,9 @@ export default {
groupInvite,
});
window.location.href = this.$route.query.redirectTo || '/';
const redirect = this.sanitizeRedirect(this.$route.query.redirectTo);
window.location.href = redirect;
},
playButtonClick () {
this.$router.push('/register');
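--- a/website/client/src/mixins/sanitizeRedirect.js
+++ b/website/client/src/mixins/sanitizeRedirect.js
@@ -0,0 +1,16 @@
+export default {
+methods: {
+sanitizeRedirect (redirect) {
+if (!redirect) {
+return '/';
+}
+if (process.env.TRUSTED_DOMAINS.split(',').includes(redirect)) {
+return redirect;
+}
+if (redirect.slice(0, 1) !== '/' || redirect.slice(1, 1) === '/') {
+return '/';
+}
+return redirect;
+},
+},
+};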
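Review bot: The second half of the guard in `sanitizeRedirect`, `redirect.slice(1, 1) === '/'`, can never be true because `slice(1, 1)` always yields an empty string, so a value that starts with `//` is returned unchanged. home.vue then assigns that value to `window.location.href`, where it resolves as a protocol-relative URL on another host; registerLoginReset.vue relies on the same mixin. The check should look at the second character and also reject a backslash there, since browsers treat `\` like `/` in this position: `if (redirect.slice(0, 1) !== '/' || ['/', '\\'].includes(redirect.slice(1, 2))) {`. Separately, `process.env.TRUSTED_DOMAINS.split(',')` throws a TypeError when the variable is not defined at build time, so `(process.env.TRUSTED_DOMAINS || '').split(',')` would fail closed instead. The allowlist test is an exact match of the whole `redirect` string against each entry, which presumably means a trusted host followed by a path is rejected; a short comment above the method stating the accepted forms would make that intent clear.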
