🔒 Use sanitizeUrl on redirectPath auth param (#1389)

2024-03-25 19:11:39 +01:00
parent 2bd1cb7562
commit d0be29e257
3 changed files with 12 additions and 1 deletions
--- a/apps/builder/src/features/auth/components/SignInForm.tsx
+++ b/apps/builder/src/features/auth/components/SignInForm.tsx
@@ -28,10 +28,12 @@ import { useToast } from '@/hooks/useToast'
 import { TextLink } from '@/components/TextLink'
 import { SignInError } from './SignInError'
 import { useTranslate } from '@tolgee/react'
+import { sanitizeUrl } from '@braintree/sanitize-url'

 type Props = {
  defaultEmail?: string
 }
+
 export const SignInForm = ({
  defaultEmail,
 }: Props & HTMLChakraProps<'form'>) => {
@@ -55,7 +57,8 @@ export const SignInForm = ({

  useEffect(() => {
    if (status === 'authenticated') {
-      router.replace(router.query.redirectPath?.toString() ?? '/typebots')
+      const redirectPath = router.query.redirectPath?.toString()
+      router.replace(redirectPath ? sanitizeUrl(redirectPath) : '/typebots')
      return
    }
    ;(async () => {