From e266379ea51ba908b64c057224e9c3201ef117bb Mon Sep 17 00:00:00 2001
From: Danh
Date: Tue, 3 Oct 2023 17:35:19 +0700
Subject: [PATCH] validate some function
---
 src/components/Announcement/helper.ts | 2 ++
 src/pages/Oauth/AuthForm/ButtonEth.tsx | 2 +-
 src/pages/Oauth/helpers.ts | 18 ------------------
 src/theme/components.tsx | 2 +-
 src/utils/redirect.ts | 17 +++++++++++++++++
 5 files changed, 21 insertions(+), 20 deletions(-)
 create mode 100644 src/utils/redirect.ts
diff --git a/src/components/Announcement/helper.ts b/src/components/Announcement/helper.ts
index 1dd590f0cb..7cc0e9af9b 100644
--- a/src/components/Announcement/helper.ts
+++ b/src/components/Announcement/helper.ts
@@ -8,6 +8,7 @@ import { TIMES_IN_SECS } from 'constants/index'
 import { useActiveWeb3React } from 'hooks'
 import { useChangeNetwork } from 'hooks/web3/useChangeNetwork'
 import { useAppDispatch } from 'state/hooks'
+import { isValidRedirectURL } from 'utils/redirect'
 const LsKey = 'ack-announcements'
 export const getAnnouncementsAckMap = () => JSON.parse(localStorage[LsKey] || '{}')
@@ -63,6 +64,7 @@ export const useNavigateToUrl = () => {
 return
 }
 const { pathname, host, search } = new URL(actionURL)
+ if (!isValidRedirectURL(actionURL, false)) return
 if (window.location.host === host) {
 navigate(`${pathname}${search}`)
 } else {
diff --git a/src/pages/Oauth/AuthForm/ButtonEth.tsx b/src/pages/Oauth/AuthForm/ButtonEth.tsx
index 1600a4fd36..9d6053d069 100644
--- a/src/pages/Oauth/AuthForm/ButtonEth.tsx
+++ b/src/pages/Oauth/AuthForm/ButtonEth.tsx
@@ -9,9 +9,9 @@ import Loader from 'components/Loader'
 import { useActiveWeb3React } from 'hooks'
 import useAutoSignIn from 'pages/Oauth/AuthForm/useAutoSignIn'
 import { FlowStatus } from 'pages/Oauth/Login'
-import { isValidRedirectURL } from 'pages/Oauth/helpers'
 import { useWalletModalToggle } from 'state/application/hooks'
 import { ExternalLink } from 'theme'
+import { isValidRedirectURL } from 'utils/redirect'
 const ButtonEth = ({
 loading,
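Review bot: In the `useNavigateToUrl` hunk the new guard sits after `const { pathname, host, search } = new URL(actionURL)`, so a malformed `actionURL` still throws from the `URL` constructor before `isValidRedirectURL` (which has its own try/catch) is consulted, unless an enclosing handler outside the hunk catches it. Moving `if (!isValidRedirectURL(actionURL, false)) return` above the destructuring closes that gap. Passing `false` also switches the domain allowlist off, so this call only restricts the scheme to http/https and rejects `.js` paths; the `else` branch, whose body is outside the hunk, can presumably still send the user to any external origin. If that is intended for announcement links, a comment such as `// allowlist skipped on purpose: announcement links may point off-site, scheme is still restricted` would record the decision.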
diff --git a/src/pages/Oauth/helpers.ts b/src/pages/Oauth/helpers.ts
index ec9832629d..125dffee13 100644
--- a/src/pages/Oauth/helpers.ts
+++ b/src/pages/Oauth/helpers.ts
@@ -4,24 +4,6 @@ export const getSupportLoginMethods = (loginFlow: LoginFlow | undefined) => {
 return loginFlow?.oauth_client?.metadata?.allowed_login_methods ?? []
 }
-const whiteListDomains = [/https:\/\/(.+?\.)?kyberswap\.com$/, /https:\/\/(.+)\.kyberengineering\.io$/]
-export const isValidRedirectURL = (url: string | undefined, checkWhitelist = true) => {
- try {
- if (!url) return false
- const newUrl = new URL(url) // valid url
- if (
- url.endsWith('.js') ||
- newUrl.pathname.endsWith('.js') ||
- (checkWhitelist && !whiteListDomains.some(regex => newUrl.origin.match(regex)))
- ) {
- return false
- }
- return newUrl.protocol === 'http:' || newUrl.protocol === 'https:'
- } catch (error) {
- return false
- }
-}
-
 type MessageParams = {
 domain: string
 uri: string
diff --git a/src/theme/components.tsx b/src/theme/components.tsx
index 9a08d143ce..7c8b5238df 100644
--- a/src/theme/components.tsx
+++ b/src/theme/components.tsx
@@ -4,7 +4,7 @@ import { ArrowLeft, ExternalLink as LinkIconFeather, X } from 'react-feather'
 import { Link } from 'react-router-dom'
 import styled, { css, keyframes } from 'styled-components'
-import { isValidRedirectURL } from 'pages/Oauth/helpers'
+import { isValidRedirectURL } from 'utils/redirect'
 export const ButtonText = styled.button<{ color?: string; gap?: string }>`
 outline: none;
diff --git a/src/utils/redirect.ts b/src/utils/redirect.ts
new file mode 100644
index 0000000000..e0ed969327
--- /dev/null
+++ b/src/utils/redirect.ts
@@ -0,0 +1,17 @@
+const whiteListDomains = [/https:\/\/(.+?\.)?kyberswap\.com$/, /https:\/\/(.+)\.kyberengineering\.io$/]
+export const isValidRedirectURL = (url: string | undefined, checkWhitelist = true) => {
+ try {
+ if (!url) return false
+ const newUrl = new URL(url) // valid url
+ if (
+ url.endsWith('.js') ||
+ newUrl.pathname.endsWith('.js') ||
+ (checkWhitelist && !whiteListDomains.some(regex => newUrl.origin.match(regex)))
+ ) {
+ return false
+ }
+ return newUrl.protocol === 'http:' || newUrl.protocol === 'https:'
+ } catch (error) {
+ return false
+ }
+}
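Review bot: Both patterns in `whiteListDomains` lack a leading `^`, so the allowlist is only as strict as the shape of `newUrl.origin` happens to be; anchoring them (`/^https:\/\/(.+?\.)?kyberswap\.com$/`, `/^https:\/\/(.+)\.kyberengineering\.io$/`) and calling `regex.test(newUrl.origin)` makes the intent explicit and keeps the check safe if the matched value ever changes. The `.js` rejection is a case-sensitive suffix test on a single extension, so it should not be relied on as the control that keeps script URLs out. With `checkWhitelist = false` the function accepts any http or https URL, which the name does not suggest; a doc comment such as `/** True for http(s) URLs whose path does not end in .js; the kyberswap.com / kyberengineering.io allowlist applies only when checkWhitelist is true. */` would help callers choose the right mode.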