allow to redirect only for whitelisted trusted protocols (#17559)

* fix IDE-69: allow to redirect only for whitelisted trusted protocols * Update components/dashboard/src/service/service.tsx Co-authored-by: Filip Troníček <[email protected]> * drop security --------- Co-authored-by: Filip Troníček <[email protected]>
gitpod-io · May 12, 2023 · 6771283 · 6771283
1 parent 72e822c
commit 6771283
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/components/dashboard/src/service/service.tsx b/components/dashboard/src/service/service.tsx
@@ -176,7 +176,10 @@ export class IDEFrontendService implements IDEFrontendDashboardService.IServer {
         let redirect = false;
         try {
             const desktopLink = new URL(url);
-            redirect = desktopLink.protocol !== "http:" && desktopLink.protocol !== "https:";
+            // allow to redirect only for whitelisted trusted protocols
+            // IDE-69
+            const trustedProtocols = ["vscode:", "vscode-insiders:", "jetbrains-gateway:"];
+            redirect = trustedProtocols.includes(desktopLink.protocol);
         } catch (e) {
             console.error("invalid desktop link:", e);
         }