Merge pull request #2201 from overleaf/hb-relative-path-fix

Handle double slash case of safe redirect paths GitOrigin-RevId: fb6e8ea9d736a65df61f07d563235262b8aaf0f3
2024-09-16 02:52:31 -04:00 · 2019-10-04 15:05:49 +01:00 · 2019-10-04 15:05:49 +01:00 · 6c005da303
commit 6c005da303
parent 4cce43b8d2
2 changed files with 5 additions and 1 deletions
--- a/services/web/app/src/Features/Helpers/UrlHelper.js
+++ b/services/web/app/src/Features/Helpers/UrlHelper.js
@ -4,7 +4,7 @@ const { URL } = require('url')
 function getSafeRedirectPath(value) {
  const baseURL = Settings.siteUrl // base URL is required to construct URL from path
  const url = new URL(value, baseURL)
-  let safePath = `${url.pathname}${url.search}${url.hash}`
+  let safePath = `${url.pathname}${url.search}${url.hash}`.replace(/^\/+/, '/')
  if (safePath === '/') {
    safePath = undefined
  }
--- a/services/web/test/unit/src/HelperFiles/UrlHelperTests.js
+++ b/services/web/test/unit/src/HelperFiles/UrlHelperTests.js
@ -27,6 +27,10 @@ describe('UrlHelper', function() {
        '/%2F%2Fevil.com'
      )

+      expect(
+        this.UrlHelper.getSafeRedirectPath('http://foo.com//evil.com/bad')
+      ).to.equal('/evil.com/bad')
+
      return expect(this.UrlHelper.getSafeRedirectPath('.evil.com')).to.equal(
        '/.evil.com'
      )