PM-197 - XSS poor validation error handling
vas3a committed Dec 18, 2024
1 parent 586476c commit d89f6d1
Showing 10 changed files with 15 additions and 15 deletions.
2 changes: 1 addition & 1 deletion src/shared/components/Contentful/Article/Article.jsx
Expand Up @@ -139,7 +139,7 @@ class Article extends React.Component {
} = this.state || {};
let shareUrl;
if (isomorphy.isClientSide()) {
shareUrl = encodeURIComponent(window.location.href);
shareUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
}
const description = htmlToText.fromString(
ReactDOMServer.renderToString(markdown(fields.content)),
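Review bot: The expression `${window.location.origin}${window.location.pathname}` on the `shareUrl` line is repeated verbatim in every other file of this commit (GigApply, TopcoderHeader/Auth, AccessDenied, tc-communities Footer and Header, Dashboard, challenge-detail, Loader and `src/shared/utils/tc.js`), so the rule is easy to miss the next time someone adds a login or share link. A single exported helper that returns the encoded origin-plus-path, for instance next to `goToLogin` in `src/shared/utils/tc.js`, would keep it in one place. I would also add a comment above the assignment such as `// Query string and hash are dropped on purpose (PM-197): only origin + path is shared.`, since nothing in the code says why a share link no longer carries them. The render method continues outside this hunk.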
6 changes: 3 additions & 3 deletions src/shared/components/Gigs/GigApply/index.jsx
Expand Up @@ -36,7 +36,7 @@ export default function GigApply(props) {
recruitProfile,
auth,
} = props;
const retUrl = window.location.href;
const retUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
const duration = getCustomField(job.custom_fields, 'Duration');
const isPlaced = _.find(_.isEmpty(recruitProfile) ? [] : recruitProfile.custom_fields, { field_id: 12 });
const fetchSkills = useMemo(() => _.debounce((inputValue, callback) => {
Expand Down Expand Up @@ -353,9 +353,9 @@ export default function GigApply(props) {
<div styleName="error">
<h3>You must be a Topcoder member to apply!</h3>
<div styleName="cta-buttons">
<Link to={`${config.URL.AUTH}/member?retUrl=${encodeURIComponent(retUrl)}`} styleName="primaryBtn">Login</Link>
<Link to={`${config.URL.AUTH}/member?retUrl=${retUrl}`} styleName="primaryBtn">Login</Link>
</div>
<p styleName="regTxt">Not a member? Register <a href={`${config.URL.AUTH}/?retUrl=${encodeURIComponent(retUrl)}&mode=signUp&utm_source=gig_listing&regSource=gigs`}>here</a>.</p>
<p styleName="regTxt">Not a member? Register <a href={`${config.URL.AUTH}/?retUrl=${retUrl}&mode=signUp&utm_source=gig_listing&regSource=gigs`}>here</a>.</p>
</div>
</div>
</div>
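Review bot: `retUrl` now holds an already percent-encoded value, but the name still reads like a plain URL, so a later edit that wraps it in `encodeURIComponent` again at either JSX call site would silently double-encode it. Renaming it, e.g. `const encodedRetUrl = encodeURIComponent(...)`, or adding `// already URI-encoded; interpolate as-is` above the declaration would make that contract visible where the Login and Register links are built. The declaration also reads `window` in the component body with no `isomorphy.isClientSide()` guard visible in this hunk. That appears to predate the commit, and the rest of `GigApply` is outside the hunk, so please confirm the component is never rendered on the server.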
2 changes: 1 addition & 1 deletion src/shared/components/TopcoderHeader/Auth/index.jsx
Expand Up @@ -28,7 +28,7 @@ export default function Auth({ column }) {
className="tc-btn-sm tc-btn-default"
href={`${config.URL.AUTH}/member?utm_source=community-app-main`}
onClick={(event) => {
const retUrl = encodeURIComponent(window.location.href);
const retUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
window.location = `${config.URL.AUTH}/member?retUrl=${retUrl}&utm_source=community-app-main`;
event.preventDefault();
}}
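Review bot: Trimming the value in this `onClick` handler only changes what this app sends; the auth endpoint still receives whatever `retUrl` a link carries, so the validation and output escaping that PM-197 is about has to live where `retUrl` is read, which is not part of this commit. The same applies to the identical change in AccessDenied, tc-communities/Footer, tc-communities/Header, Dashboard, challenge-detail, Loader and `goToLogin`. If the consumer already checks the value against an allow-list of origins and escapes it in its error output, this change is reasonable defence in depth; otherwise it should be tracked as a mitigation rather than the fix. A comment here such as `// Defence in depth only: the auth app must still validate retUrl.` would record that.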
Expand Up @@ -50,7 +50,7 @@ export default function AccessDenied(props) {
className="tc-btn-md tc-btn-primary"
href={`${config.URL.AUTH}/member?utm_source=${communityId}`}
onClick={(event) => {
const retUrl = encodeURIComponent(window.location.href);
const retUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
window.location = `${config.URL.AUTH}/member?retUrl=${retUrl}&utm_source=${communityId}`;
event.preventDefault();
}}
4 changes: 2 additions & 2 deletions src/shared/components/tc-communities/Footer/index.jsx
Expand Up @@ -56,7 +56,7 @@ function Footer({
<button
className={theme.btnRegister}
onClick={() => {
const url = encodeURIComponent(window.location.href);
const url = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
window.location = `${config.URL.AUTH}/member/registration?retUrl=${url}&utm_source=${communityId}`;
}}
type="button"
Expand All @@ -66,7 +66,7 @@ function Footer({
<button
className={theme.btnLogin}
onClick={() => {
const url = encodeURIComponent(window.location.href);
const url = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
window.location = `${config.URL.AUTH}/member?retUrl=${url}&utm_source=${communityId}`;
}}
type="button"
6 changes: 3 additions & 3 deletions src/shared/components/tc-communities/Header/index.jsx
Expand Up @@ -172,7 +172,7 @@ function Header(props) {
communityId === 'zurich' ? (
<PrimaryButton
onClick={() => {
const returnUrl = encodeURIComponent(window.location.href);
const returnUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
window.location = `${config.URL.AUTH}/sso-login/?retUrl=${returnUrl}&utm_source=${communityId}`;
}}
size="sm"
Expand All @@ -184,7 +184,7 @@ function Header(props) {
) : (
<Button
onClick={() => {
const url = encodeURIComponent(`${window.location.href}?join=${groupIds[0]}`);
const url = encodeURIComponent(`${window.location.origin}${window.location.pathname}?join=${groupIds[0]}`);
window.location = `${config.URL.AUTH}/member?retUrl=${url}&utm_source=${communityId}`;
}}
size="sm"
Expand All @@ -196,7 +196,7 @@ function Header(props) {
{ hideJoinNow ? null : (
<PrimaryButton
onClick={() => {
let url = encodeURIComponent(`${window.location.href}?join=${groupIds[0]}`);
let url = encodeURIComponent(`${window.location.origin}${window.location.pathname}?join=${groupIds[0]}`);
url = encodeURIComponent(`${config.URL.AUTH}/member?retUrl=${url}&utm_source=${communityId}`);
url = encodeURIComponent(url);
window.location = `${config.URL.AUTH}/member/registration?retUrl=${url}&utm_source=${communityId}`;
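Review bot: In the last handler of this section the return URL is encoded, embedded in a second auth URL, and then encoded twice more (`url = encodeURIComponent(...)` followed by `url = encodeURIComponent(url)`), so the innermost value ends up encoded three times and nothing here explains why. Nested encoding like this is where a mismatch with the number of decode steps on the receiving side is most likely to break the redirect or leave reserved characters unescaped, so it deserves a comment stating how many times the registration and login pages decode `retUrl`. Something like `// encode depth must match the decode steps in the auth app: registration -> member -> community page` would do, worded to match what the auth app actually does. The handler continues outside this hunk.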
2 changes: 1 addition & 1 deletion src/shared/containers/Dashboard/index.jsx
Expand Up @@ -42,7 +42,7 @@ function SlashTCContainer(props) {

useEffect(() => {
if (props.tokenV3 && !isTokenExpired(props.tokenV3)) return;
let url = `retUrl=${encodeURIComponent(location.href)}`;
let url = `retUrl=${encodeURIComponent(`${window.location.origin}${window.location.pathname}`)}`;
url = `${config.URL.AUTH}/member?${url}&utm_source=community-app-home-page`;
location.href = url;
}, [props.tokenV3]);
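Review bot: The effect now mixes `window.location` (in the `retUrl` line) with the bare `location` global (`location.href = url;` two lines later); use one form throughout, e.g. `window.location.href = url;`, so the effect reads consistently. The two-step `let url` reassignment could also become a `const retUrl = encodeURIComponent(...)` followed by a single template literal, which matches how the other files in this commit build the same redirect.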
2 changes: 1 addition & 1 deletion src/shared/containers/challenge-detail/index.jsx
Expand Up @@ -327,7 +327,7 @@ class ChallengeDetailPageContainer extends React.Component {
} = this.props;
if (!auth.tokenV3) {
const utmSource = communityId || 'community-app-main';
window.location.href = `${config.URL.AUTH}/member?retUrl=${encodeURIComponent(window.location.href)}&utm_source=${utmSource}&regSource=challenges`;
window.location.href = `${config.URL.AUTH}/member?retUrl=${encodeURIComponent(`${window.location.origin}${window.location.pathname}`)}&utm_source=${utmSource}&regSource=challenges`;
} else {
// Show security reminder to all registrants
this.setState({
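Review bot: Dropping `search` and `hash` in the unauthenticated branch means a visitor who opens a challenge link carrying query parameters and is sent to login comes back to the bare path. Whether this page depends on any such parameter is not visible in the hunk, so please confirm. If some parameters must survive, rebuild the query from an explicit allow-list with `URLSearchParams` rather than passing `window.location.search` through, so the PM-197 hardening is kept. The redirect line is also long enough that assigning the encoded value to a `const retUrl` first, as the other files do, would make it easier to review. The enclosing method starts and ends outside the hunk.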
2 changes: 1 addition & 1 deletion src/shared/containers/tc-communities/Loader.jsx
Expand Up @@ -42,7 +42,7 @@ class Loader extends React.Component {
visitorGroups,
} = this.props;

const returnUrl = encodeURIComponent(window.location.href);
const returnUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);

if (!loadingMeta && (
!meta /* || (Date.now() - meta.timestamp) > MAXAGE */
2 changes: 1 addition & 1 deletion src/shared/utils/tc.js
Expand Up @@ -212,7 +212,7 @@ export async function getM2mToken() {
*/
export function goToLogin(utmSource = '') {
if (isomorphy.isClientSide()) {
const retUrl = encodeURIComponent(window.location.href);
const retUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
window.location = `${config.URL.AUTH}/member?retUrl=${retUrl}&utm_source=${utmSource}`;
}
}
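Review bot: `utmSource` is still interpolated into the query string unencoded on the `window.location = ...` line, while `retUrl` next to it is encoded; a caller-supplied value containing `&` or `#` would change the parameters the auth app receives. Whether any caller passes untrusted input is not visible here, but the fix is cheap: `&utm_source=${encodeURIComponent(utmSource)}`. The JSDoc above `goToLogin` starts outside this hunk; it should also state that the return URL is the current origin and path only, with the query string and hash dropped.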

0 comments on commit d89f6d1
