fix: [M3-8424] - Fix CodeQL alerts for `DOM text reinterpreted as HTM…

…L` (#11008) * fix: [M3-8424] - Fix CodeQL alerts for `DOM text reinterpreted as HTML` * Add changeset * Remove unnecessary code generated by Copilot
linode · Sep 27, 2024 · 8a771ca · 8a771ca
1 parent e17a038
commit 8a771ca
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 3 deletions.
diff --git a/packages/manager/.changeset/pr-11008-fixed-1727297819528.md b/packages/manager/.changeset/pr-11008-fixed-1727297819528.md
@@ -0,0 +1,5 @@
+---
+"@linode/manager": Fixed
+---
+
+Fix CodeQL alerts for DOM text reinterpreted as HTML ([#11008](https://github.com/linode/manager/pull/11008))
diff --git a/packages/manager/src/session.ts b/packages/manager/src/session.ts
@@ -32,7 +32,9 @@ export const genOAuthEndpoint = (
 
   const query = {
     client_id: clientID,
-    redirect_uri: `${APP_ROOT}/oauth/callback?returnTo=${redirectUri}`,
+    redirect_uri: `${APP_ROOT}/oauth/callback?returnTo=${encodeURIComponent(
+      redirectUri
+    )}`,
     response_type: 'token',
     scope,
     state: nonce,

diff --git a/packages/manager/src/store/authentication/authentication.requests.ts b/packages/manager/src/store/authentication/authentication.requests.ts
@@ -1,10 +1,12 @@
 import { LOGIN_ROOT } from 'src/constants';
-import { RevokeTokenSuccess, revokeToken } from 'src/session';
-import { ThunkActionCreator } from 'src/store/types';
+import { revokeToken } from 'src/session';
 import { getEnvLocalStorageOverrides } from 'src/utilities/storage';
 
 import { handleLogout as _handleLogout } from './authentication.actions';
 
+import type { RevokeTokenSuccess } from 'src/session';
+import type { ThunkActionCreator } from 'src/store/types';
+
 /**
  * Revokes auth token used to make HTTP requests
  *