From 6c005da303b0ddb8718fb6475bc7189143d62c13 Mon Sep 17 00:00:00 2001
From: Simon Detheridge
Date: Fri, 4 Oct 2019 15:05:49 +0100
Subject: [PATCH] Merge pull request #2201 from overleaf/hb-relative-path-fix
 Handle double slash case of safe redirect paths

GitOrigin-RevId: fb6e8ea9d736a65df61f07d563235262b8aaf0f3
---
 services/web/app/src/Features/Helpers/UrlHelper.js | 2 +-
 services/web/test/unit/src/HelperFiles/UrlHelperTests.js | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/services/web/app/src/Features/Helpers/UrlHelper.js b/services/web/app/src/Features/Helpers/UrlHelper.js
index c059914feb..581b0fc3be 100644
--- a/services/web/app/src/Features/Helpers/UrlHelper.js
+++ b/services/web/app/src/Features/Helpers/UrlHelper.js
@@ -4,7 +4,7 @@ const { URL } = require('url')
 function getSafeRedirectPath(value) {
   const baseURL = Settings.siteUrl // base URL is required to construct URL from path
   const url = new URL(value, baseURL)
-  let safePath = `${url.pathname}${url.search}${url.hash}`
+  let safePath = `${url.pathname}${url.search}${url.hash}`.replace(/^\/+/, '/')
   if (safePath === '/') {
     safePath = undefined
   }
diff --git a/services/web/test/unit/src/HelperFiles/UrlHelperTests.js b/services/web/test/unit/src/HelperFiles/UrlHelperTests.js
index 4c82f5f0c4..d52cad5774 100644
--- a/services/web/test/unit/src/HelperFiles/UrlHelperTests.js
+++ b/services/web/test/unit/src/HelperFiles/UrlHelperTests.js
@@ -27,6 +27,10 @@ describe('UrlHelper', function() {
       '/%2F%2Fevil.com'
     )
 
+    expect(
+      this.UrlHelper.getSafeRedirectPath('http://foo.com//evil.com/bad')
+    ).to.equal('/evil.com/bad')
+
     return expect(this.UrlHelper.getSafeRedirectPath('.evil.com')).to.equal(
       '/.evil.com'
     )
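Review bot: The collapsed `safePath` on the `+` line is still not guaranteed to begin with `/`, so the `safePath === '/'` check that follows is the only shape validation the value gets; as far as WHATWG URL semantics go, a non-special scheme such as `javascript:alert(1)` or `mailto:x` parses to an opaque `pathname` with no leading slash, and the helper would hand back `alert(1)` as a "safe path". A positive check is cheaper to reason about than enumerating bad prefixes, e.g. `if (safePath === '/' || !safePath.startsWith('/')) { safePath = undefined }`. The regex also deserves a why-comment, since its purpose is security-relevant and not obvious: `// collapse a leading "//host" so the result cannot be read as a protocol-relative URL (WHATWG already maps "\\" to "/" for http(s), so "/\\host" is covered too)`. getSafeRedirectPath continues past the end of this hunk, so any later checks on safePath are not visible here.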
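Review bot: The new assertion only exercises the double slash when it is embedded in an absolute URL, so the inputs that actually reach a redirect parameter — a bare `//evil.com`, `///evil.com` or `/\evil.com` — are not pinned, and a later change to the regex could regress them without failing this test. I would add `expect(this.UrlHelper.getSafeRedirectPath('///evil.com')).to.equal('/evil.com')` and `expect(this.UrlHelper.getSafeRedirectPath('/\\evil.com')).to.equal('/evil.com')` next to the added case; the backslash expectation relies on WHATWG treating `\` as `/` in http(s) paths, so confirm it against the Node version in use. A bare `//evil.com` is parsed as protocol-relative with pathname `/`, so `expect(this.UrlHelper.getSafeRedirectPath('//evil.com')).to.equal(undefined)` would document that branch as well. The enclosing `it` block starts and ends outside this hunk.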