fix(login): catch double-slash exploit
SabreCat committed May 20, 2022
1 parent 980e358 commit 5bcfdbe
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions website/client/src/components/auth/registerLoginReset.vue
Expand Up @@ -757,8 +757,8 @@ export default {
}, 500),
sanitizeRedirect (redirect) {
if (!redirect) return '/';
let sanitizedString = DOMPurify.sanitize(redirect);
if (sanitizedString.slice(0, 1) !== '/') sanitizedString = `/${sanitizedString}`;
let sanitizedString = DOMPurify.sanitize(redirect).replace(/\\|\/\/|\./g, '');
sanitizedString = `/${sanitizedString}`;
return sanitizedString;
},
async register () {
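Review bot: In `sanitizeRedirect`, the now-unconditional `/` prefix means a value that already starts with a single `/` comes back as `//…`, which a browser treats as a protocol-relative URL if the result is assigned to a location (the consumer is outside the hunk, so that part is inferred). The `replace` is also a single-pass denylist, so removing one match can leave a fresh `//` behind, and stripping every `.` changes legitimate paths and query strings; DOMPurify sanitizes HTML and does not validate URLs. I would instead resolve the value against the page origin, reject anything whose origin differs, and return only the path, query and fragment, falling back to `/` otherwise, as sketched below.

```javascript
sanitizeRedirect (redirect) {
  if (!redirect) return '/';
  let target;
  try {
    // Let the URL parser normalise backslashes, dot segments and scheme tricks.
    target = new URL(redirect, window.location.origin);
  } catch (err) {
    return '/';
  }
  // Only same-origin destinations are acceptable redirect targets.
  if (target.origin !== window.location.origin) return '/';
  const path = `${target.pathname}${target.search}${target.hash}`;
  // A normalised pathname can still begin with `//`; never hand that back.
  return path.startsWith('//') ? '/' : path;
},
```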
