fix: sanitizeLocation method for encoded values

Signed-off-by: Oleksii Orel <[email protected]>
eclipse-che · Mar 31, 2023 · a46b0b3 · a46b0b3
1 parent 1528b49
commit a46b0b3
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 2 deletions.
diff --git a/packages/dashboard-frontend/src/services/helpers/__tests__/location.spec.ts b/packages/dashboard-frontend/src/services/helpers/__tests__/location.spec.ts
@@ -24,9 +24,9 @@ describe('location/sanitizeLocation', () => {
     expect(newLocation.pathname).toEqual(pathname);
   });
 
-  it('should return sanitized value of location.search', () => {
+  it('should return sanitized value of location.search if it is without encoding)', () => {
     const search =
-      '?url=https%3A%2F%2Fgithub.com%2Ftest-samples&state=9284564475&session=98765&session_state=45645654567&code=9844646765&storageType=persistent';
+      '?url=https://github.com/test-samples&state=9284564475&session=98765&session_state=45645654567&code=9844646765&storageType=persistent';
     const pathname = '/f';
 
     const newLocation = sanitizeLocation({ search, pathname } as Location);
@@ -38,6 +38,20 @@ describe('location/sanitizeLocation', () => {
     expect(newLocation.pathname).toEqual(pathname);
   });
 
+  it('should return sanitized value of location.search if it is encoded', () => {
+    const search =
+      '?url=https%3A%2F%2Fgithub.com%2Ftest-samples%26state%3D9284564475%26session%3D98765%26session_state%3D45645654567%26code%3D9844646765%26storageType%3Dpersistent';
+    const pathname = '/f';
+
+    const newLocation = sanitizeLocation({ search, pathname } as Location);
+
+    expect(newLocation.search).not.toEqual(search);
+    expect(newLocation.search).toEqual(
+      '?url=https%3A%2F%2Fgithub.com%2Ftest-samples%26storageType%3Dpersistent',
+    );
+    expect(newLocation.pathname).toEqual(pathname);
+  });
+
   it('should return sanitized value of location.pathname', () => {
     const search = '?url=https%3A%2F%2Fgithub.com%2Ftest-samples';
     const pathname = '/f&code=1239844646765';

diff --git a/packages/dashboard-frontend/src/services/helpers/location.ts b/packages/dashboard-frontend/src/services/helpers/location.ts
@@ -110,6 +110,20 @@ export function sanitizeLocation<T extends { search: string; pathname: string }
   // clear search params
   if (location.search) {
     const searchParams = new window.URLSearchParams(location.search);
+
+    // sanitize the URL inside searchParams
+    const targetParam = 'url';
+    let targetValue = searchParams.get(targetParam);
+    if (targetValue !== null) {
+      toRemove.forEach(param => {
+        const re = new RegExp('[&|?]' + param + '=[^&]+', 'i');
+        if (targetValue) {
+          targetValue = targetValue.replace(re, '');
+        }
+      });
+      searchParams.set(targetParam, targetValue);
+    }
+
     toRemove.forEach(val => searchParams.delete(val));
     location.search = '?' + searchParams.toString();
   }