AzureAD / azure-activedirectory-library-for-js

The code for ADAL.js and ADAL Angular has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/maintenance/adal-angular
Apache License 2.0
627 stars 372 forks source link

handleWindowCallback is checking for null...but what if its undefined? #870

Closed asnow003 closed 5 years ago

asnow003 commented 5 years ago

I'm submitting a...


[ ] Regression (a behavior that used to work and stopped working in a new release)
[ ] Bug report  
[ ] Performance issue
[ ] Feature request
[ ] Documentation issue or request
[x] Other... Please describe: Possible bug in source code?

Browser:

Library Name

Library version

Library version: Latest

Current behavior

In the "handleWindowCallback" where its checking if the hash is null...what if there is a case in which the hash is "undefined". Since undefined is not equal to null would that be an issue? Is this something that could happen?

/**
 * This method must be called for processing the response received from AAD. It extracts the hash, processes the token or error, saves it in the cache and calls the registered callbacks with the result.
 * @param {string} [hash=window.location.hash] - Hash fragment of Url.
 */
AuthenticationContext.prototype.handleWindowCallback = function (hash) {
    // This is for regular javascript usage for redirect handling
    // need to make sure this is for callback
    if (hash == null) {
        hash = window.location.hash;
    }

asnow003 commented 5 years ago

Checking online I think it should be:

if( typeof variable === 'undefined' || variable === null ){ // Do stuff }

asnow003 commented 5 years ago

never mind...its should catch undefined and null but not false so the code there should be ok according to stack overflow.

https://stackoverflow.com/questions/2647867/how-to-determine-if-variable-is-undefined-or-null