Closed RedYetiDev closed 5 months ago
[!NOTE] While this may seem like a security patch, backend validation checks in the GraphQL already sanitize redirect URLs.
This PR replaces the case-sensitive javascript: check with a broader check which also verifies that the URL provided is a valid URL.
javascript:
jAvAsCrIpT:alert(/xss/) -> true (valid) javascript:alert(/xss/) -> false (invalid) https://www.example.com/ -> true (valid) htp:example -> true (valid)
jAvAsCrIpT:alert(/xss/) -> true (valid)
javascript:alert(/xss/) -> false (invalid)
https://www.example.com/ -> true (valid)
htp:example -> true (valid)
jAvAsCrIpT:alert(/xss/) -> false (invalid) javascript:alert(/xss/) -> false (invalid) https://www.example.com/ -> true (valid) htp:example -> false (invalid)
jAvAsCrIpT:alert(/xss/) -> false (invalid)
htp:example -> false (invalid)
Closing in favor of #707
RedYetiDev
commented
5 months ago RedYetiDev
commented
5 months ago
This PR replaces the case-sensitive
javascript:check with a broader check which also verifies that the URL provided is a valid URL.OLD
jAvAsCrIpT:alert(/xss/) -> true (valid)javascript:alert(/xss/) -> false (invalid)https://www.example.com/ -> true (valid)htp:example -> true (valid)NEW
jAvAsCrIpT:alert(/xss/) -> false (invalid)javascript:alert(/xss/) -> false (invalid)https://www.example.com/ -> true (valid)htp:example -> false (invalid)