Improve sanity checking for signin "from" param

stennie committed Jul 23, 2018
1 parent e26ad60 commit 1c93aa293cae45e9a1eab1e8b51cccd6e0757b43
Showing with 3 additions and 2 deletions.
  1. +3 −2 admin/client/Signin/index.js
@@ -10,9 +10,10 @@ import React from 'react';
import ReactDOM from 'react-dom';
import Signin from './Signin';

// Sanitize from param
const internalFromRegex = /^\/[^\/\\]\w+/;
const params = qs.parse(window.location.search.replace(/^\?/, ''));
const from = typeof params.from === 'string' && params.from.charAt(0) === '/'
? params.from : undefined;
const from = internalFromRegex.test(params.from) ? params.from : undefined;

ReactDOM.render(
<Signin
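
Review bot: The new `const from = internalFromRegex.test(params.from) ? params.from : undefined;` line drops the `typeof params.from === 'string'` guard that the replaced line had. `RegExp.prototype.test` coerces its argument to a string, so a non-string value (for example an array for a repeated `from` parameter, if `qs.parse` returns one) is tested in its joined form and then passed through unchanged; keep the `typeof` check alongside the regex. In `internalFromRegex` itself, `/^\/[^\/\\]\w+/` has no end anchor and its second character class excludes only `/` and `\`, so whitespace and control characters are accepted in that position and everything after the first few characters is unchecked; an allow-list pattern for the whole value, closed with `$`, would be tighter. The `\w+` also means a match needs at least three characters, so a `from` of `/` or a two-character path now falls back to `undefined`, which may be unintended.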

0 comments on commit 1c93aa2
