PM-197 - XSS poor validation error handling #7023

Open
wants to merge 1 commit into
base: develop
2 changes: 1 addition & 1 deletion src/shared/components/Contentful/Article/Article.jsx
Expand Up @@ -139,7 +139,7 @@ class Article extends React.Component {
} = this.state || {};
let shareUrl;
if (isomorphy.isClientSide()) {
shareUrl = encodeURIComponent(window.location.href);
shareUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
}
const description = htmlToText.fromString(
ReactDOMServer.renderToString(markdown(fields.content)),
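Review bot: `shareUrl` at the second `shareUrl =` line now drops the query string and fragment of the current page; that is fine for a share link only if article pages are addressed by path alone, which I cannot confirm from this hunk, so please check that no article is reached through a query parameter or the shared link will land elsewhere. The same ``${window.location.origin}${window.location.pathname}`` expression is now repeated in every file of this PR (GigApply, TopcoderHeader/Auth, the untitled AccessDenied section, Footer, Header, Dashboard, challenge-detail, Loader and tc.js); one exported helper in src/shared/utils/tc.js next to `goToLogin`, for instance `export function getSafeReturnUrl()` returning that template, would keep the policy of which part of the location may be echoed into a redirect in a single place. Stripping the query only narrows what is reflected; `pathname` is still chosen by whoever crafts the link, so the receiving auth endpoint must continue to validate `retUrl` as untrusted input. The enclosing method of `Article` begins and ends outside the hunk.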
6 changes: 3 additions & 3 deletions src/shared/components/Gigs/GigApply/index.jsx
Expand Up @@ -36,7 +36,7 @@ export default function GigApply(props) {
recruitProfile,
auth,
} = props;
const retUrl = window.location.href;
const retUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
const duration = getCustomField(job.custom_fields, 'Duration');
const isPlaced = _.find(_.isEmpty(recruitProfile) ? [] : recruitProfile.custom_fields, { field_id: 12 });
const fetchSkills = useMemo(() => _.debounce((inputValue, callback) => {
Expand Down Expand Up @@ -353,9 +353,9 @@ export default function GigApply(props) {
<div styleName="error">
<h3>You must be a Topcoder member to apply!</h3>
<div styleName="cta-buttons">
<Link to={`${config.URL.AUTH}/member?retUrl=${encodeURIComponent(retUrl)}`} styleName="primaryBtn">Login</Link>
<Link to={`${config.URL.AUTH}/member?retUrl=${retUrl}`} styleName="primaryBtn">Login</Link>
</div>
<p styleName="regTxt">Not a member? Register <a href={`${config.URL.AUTH}/?retUrl=${encodeURIComponent(retUrl)}&mode=signUp&utm_source=gig_listing&regSource=gigs`}>here</a>.</p>
<p styleName="regTxt">Not a member? Register <a href={`${config.URL.AUTH}/?retUrl=${retUrl}&mode=signUp&utm_source=gig_listing&regSource=gigs`}>here</a>.</p>
</div>
</div>
</div>
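Review bot: `retUrl` at the second `const retUrl =` line now holds an already percent-encoded string while keeping its old name, and `GigApply` continues outside both hunks, so any other use of `retUrl` in the component (none is visible from here) would now receive the encoded form instead of a URL. Either rename it, ``const encodedRetUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);``, and use `encodedRetUrl` in the two `retUrl=` templates of the second hunk, or keep `retUrl` raw and leave the `encodeURIComponent(retUrl)` calls at the use sites as they were. The rename also records at the declaration that the value is a URL component rather than a URL.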
2 changes: 1 addition & 1 deletion src/shared/components/TopcoderHeader/Auth/index.jsx
Expand Up @@ -28,7 +28,7 @@ export default function Auth({ column }) {
className="tc-btn-sm tc-btn-default"
href={`${config.URL.AUTH}/member?utm_source=community-app-main`}
onClick={(event) => {
const retUrl = encodeURIComponent(window.location.href);
const retUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
window.location = `${config.URL.AUTH}/member?retUrl=${retUrl}&utm_source=community-app-main`;
event.preventDefault();
}}
Expand Up @@ -50,7 +50,7 @@ export default function AccessDenied(props) {
className="tc-btn-md tc-btn-primary"
href={`${config.URL.AUTH}/member?utm_source=${communityId}`}
onClick={(event) => {
const retUrl = encodeURIComponent(window.location.href);
const retUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
window.location = `${config.URL.AUTH}/member?retUrl=${retUrl}&utm_source=${communityId}`;
event.preventDefault();
}}
4 changes: 2 additions & 2 deletions src/shared/components/tc-communities/Footer/index.jsx
Expand Up @@ -56,7 +56,7 @@ function Footer({
<button
className={theme.btnRegister}
onClick={() => {
const url = encodeURIComponent(window.location.href);
const url = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
window.location = `${config.URL.AUTH}/member/registration?retUrl=${url}&utm_source=${communityId}`;
}}
type="button"
Expand All @@ -66,7 +66,7 @@ function Footer({
<button
className={theme.btnLogin}
onClick={() => {
const url = encodeURIComponent(window.location.href);
const url = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
window.location = `${config.URL.AUTH}/member?retUrl=${url}&utm_source=${communityId}`;
}}
type="button"
6 changes: 3 additions & 3 deletions src/shared/components/tc-communities/Header/index.jsx
Expand Up @@ -172,7 +172,7 @@ function Header(props) {
communityId === 'zurich' ? (
<PrimaryButton
onClick={() => {
const returnUrl = encodeURIComponent(window.location.href);
const returnUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
window.location = `${config.URL.AUTH}/sso-login/?retUrl=${returnUrl}&utm_source=${communityId}`;
}}
size="sm"
Expand All @@ -184,7 +184,7 @@ function Header(props) {
) : (
<Button
onClick={() => {
const url = encodeURIComponent(`${window.location.href}?join=${groupIds[0]}`);
const url = encodeURIComponent(`${window.location.origin}${window.location.pathname}?join=${groupIds[0]}`);
window.location = `${config.URL.AUTH}/member?retUrl=${url}&utm_source=${communityId}`;
}}
size="sm"
Expand All @@ -196,7 +196,7 @@ function Header(props) {
{ hideJoinNow ? null : (
<PrimaryButton
onClick={() => {
let url = encodeURIComponent(`${window.location.href}?join=${groupIds[0]}`);
let url = encodeURIComponent(`${window.location.origin}${window.location.pathname}?join=${groupIds[0]}`);
url = encodeURIComponent(`${config.URL.AUTH}/member?retUrl=${url}&utm_source=${communityId}`);
url = encodeURIComponent(url);
window.location = `${config.URL.AUTH}/member/registration?retUrl=${url}&utm_source=${communityId}`;
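Review bot: at the two `?join=${groupIds[0]}` lines the base is now origin plus pathname, which guarantees exactly one `?` in the return URL; with the old `href` base a page that already carried a query string would have produced a second `?` and a malformed `join` parameter. That incidental fix deserves a one-line comment so nobody reintroduces `href` here, for example `// origin+pathname only: no page-supplied query/hash is echoed into retUrl, and '?join=' is always the sole query`. The three handlers also name the same value `returnUrl`, `url` and `url`; one name would make the repetition easier to spot. The `Header` function body begins and ends outside these hunks.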
2 changes: 1 addition & 1 deletion src/shared/containers/Dashboard/index.jsx
Expand Up @@ -42,7 +42,7 @@ function SlashTCContainer(props) {

useEffect(() => {
if (props.tokenV3 && !isTokenExpired(props.tokenV3)) return;
let url = `retUrl=${encodeURIComponent(location.href)}`;
let url = `retUrl=${encodeURIComponent(`${window.location.origin}${window.location.pathname}`)}`;
url = `${config.URL.AUTH}/member?${url}&utm_source=community-app-home-page`;
location.href = url;
}, [props.tokenV3]);
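Review bot: the changed `let url =` line nests a template literal inside `encodeURIComponent` inside another template literal, and the effect then assigns through the bare `location` global on the next line while the new code reads `window.location`. Splitting the return URL out keeps the line readable and the two spellings consistent: ``const retUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);`` followed by ``window.location.href = `${config.URL.AUTH}/member?retUrl=${retUrl}&utm_source=community-app-home-page`;``. The same nested-template shape appears on the `window.location.href =` line of the challenge-detail hunk, where a `const retUrl` above the assignment would help equally.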
2 changes: 1 addition & 1 deletion src/shared/containers/challenge-detail/index.jsx
Expand Up @@ -327,7 +327,7 @@ class ChallengeDetailPageContainer extends React.Component {
} = this.props;
if (!auth.tokenV3) {
const utmSource = communityId || 'community-app-main';
window.location.href = `${config.URL.AUTH}/member?retUrl=${encodeURIComponent(window.location.href)}&utm_source=${utmSource}&regSource=challenges`;
window.location.href = `${config.URL.AUTH}/member?retUrl=${encodeURIComponent(`${window.location.origin}${window.location.pathname}`)}&utm_source=${utmSource}&regSource=challenges`;
} else {
// Show security reminder to all registrants
this.setState({
2 changes: 1 addition & 1 deletion src/shared/containers/tc-communities/Loader.jsx
Expand Up @@ -42,7 +42,7 @@ class Loader extends React.Component {
visitorGroups,
} = this.props;

const returnUrl = encodeURIComponent(window.location.href);
const returnUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);

if (!loadingMeta && (
!meta /* || (Date.now() - meta.timestamp) > MAXAGE */
2 changes: 1 addition & 1 deletion src/shared/utils/tc.js
Expand Up @@ -212,7 +212,7 @@ export async function getM2mToken() {
*/
export function goToLogin(utmSource = '') {
if (isomorphy.isClientSide()) {
const retUrl = encodeURIComponent(window.location.href);
const retUrl = encodeURIComponent(`${window.location.origin}${window.location.pathname}`);
window.location = `${config.URL.AUTH}/member?retUrl=${retUrl}&utm_source=${utmSource}`;
}
}
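Review bot: the JSDoc block above `goToLogin` (its opening is outside the hunk; only the closing `*/` is visible) does not say that the return URL is deliberately reduced to origin plus pathname, which is the point of this change and the detail a future editor is most likely to undo. A sentence in that block such as `The retUrl sent to the auth app is origin + pathname only; query string and fragment are dropped so page-supplied query content is never reflected into the login redirect.` would capture it. The `utmSource` parameter is still interpolated raw into the query; if callers only pass fixed literals that is fine, but the docblock could state that expectation.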