Improve sanity checking for signin "from" param
stennie committed Jul 23, 2018
1 parent e26ad60 commit 1c93aa2
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions admin/client/Signin/index.js
Expand Up @@ -10,9 +10,10 @@ import React from 'react';
import ReactDOM from 'react-dom';
import Signin from './Signin';

// Sanitize from param
const internalFromRegex = /^\/[^\/\\]\w+/;
const params = qs.parse(window.location.search.replace(/^\?/, ''));
const from = typeof params.from === 'string' && params.from.charAt(0) === '/'
? params.from : undefined;
const from = internalFromRegex.test(params.from) ? params.from : undefined;

ReactDOM.render(
<Signin
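
Review bot: the new `const from = internalFromRegex.test(params.from) ? params.from : undefined;` line drops the `typeof params.from === 'string'` guard that the old assignment had. `RegExp.prototype.test` coerces its argument to a string, so if `qs.parse` returns an array for a repeated `from` key, the coerced value can match and `from` is then passed on as a non-string; keep the type check, for example `typeof params.from === 'string' && internalFromRegex.test(params.from)`. The pattern `/^\/[^\/\\]\w+/` also requires at least two characters after the leading slash and has no end anchor, so `/` and single-character paths now fall back to `undefined` while everything after the first word characters goes unchecked. The `// Sanitize from param` comment should state what is rejected (a second character of `/` or `\`) and that only the prefix is validated.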
