search

reactplay / react-play

react-play is an opensource platform that helps you learn ReactJS faster with hands-on practice model. It is a collection of projects that you can use to learn ReactJS.
https://reactplay.io
MIT License
1.36k stars 843 forks source link

Fix code scanning alert no. 9: Client-side URL redirect #1548

Closed priyankarpal closed 1 month ago

priyankarpal commented 1 month ago

Fixes https://github.com/reactplay/react-play/security/code-scanning/9

To fix the problem, we should avoid using window.location.href directly to construct URLs. Instead, we can use a predefined list of allowed hostnames and validate the current hostname against this list. If the hostname is not in the list, we should not construct the URL.

  1. Create a list of allowed hostnames.
  2. Modify the getHostName function to check if the current hostname is in the allowed list.
  3. If the hostname is not allowed, return a safe default value or handle the error appropriately.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

netlify[bot] commented 1 month ago

Deploy Preview for reactplayio failed. Why did it fail? →

Name Link
Latest commit 8823488467c2ba6cadf52deed82cd619c2438b0e
Latest deploy log https://app.netlify.com/sites/reactplayio/deploys/6707e5890cd3ba0008d9eaa5