validate js first

KyberNetwork · Oct 16, 2023 · 76db549 · 76db549
1 parent c8772ef
commit 76db549
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 8 deletions.
diff --git a/src/theme/components.tsx b/src/theme/components.tsx
@@ -206,7 +206,7 @@ export function ExternalLink({
     <StyledLink
       target={target}
       rel={rel}
-      href={validateRedirectURL(href, { whitelistKyberSwap: false, allowPath: true })}
+      href={validateRedirectURL(href, { whitelistKyberSwap: false, allowRelativePath: true })}
       onClick={handleClick}
       {...rest}
     />
@@ -227,7 +227,7 @@ export function ExternalLinkIcon({
         console.debug('Fired outbound link event', href)
       } else {
         event.preventDefault()
-        navigateToUrl(href, { whitelistKyberSwap: false, allowPath: true })
+        navigateToUrl(href, { whitelistKyberSwap: false, allowRelativePath: true })
       }
     },
     [href, target],
@@ -236,7 +236,7 @@ export function ExternalLinkIcon({
     <LinkIconWrapper
       target={target}
       rel={rel}
-      href={validateRedirectURL(href, { whitelistKyberSwap: false, allowPath: true })}
+      href={validateRedirectURL(href, { whitelistKyberSwap: false, allowRelativePath: true })}
       onClick={handleClick}
       {...rest}
     >

diff --git a/src/utils/redirect.ts b/src/utils/redirect.ts
@@ -7,17 +7,16 @@ import { useChangeNetwork } from 'hooks/web3/useChangeNetwork'
 
 const whiteListDomains = [/https:\/\/(.+?\.)?kyberswap\.com$/, /https:\/\/(.+)\.kyberengineering\.io$/]
 
-type Options = { whitelistKyberSwap?: boolean; allowPath?: boolean }
+type Options = { whitelistKyberSwap?: boolean; allowRelativePath?: boolean }
 export const validateRedirectURL = (
   url: string | undefined,
-  { whitelistKyberSwap = true, allowPath = false }: Options = {},
+  { whitelistKyberSwap = true, allowRelativePath = false }: Options = {},
 ) => {
   try {
-    if (!url) throw new Error()
-    if (allowPath && url.startsWith('/')) return url
+    if (!url || url.endsWith('.js')) throw new Error()
+    if (allowRelativePath && url.startsWith('/')) return url
     const newUrl = new URL(url) // valid url
     if (
-      url.endsWith('.js') ||
       newUrl.pathname.endsWith('.js') ||
       !['https:', 'http:'].includes(newUrl.protocol) ||
       (whitelistKyberSwap && !whiteListDomains.some(regex => newUrl.origin.match(regex)))