@branta-ops/branta 0.0.7 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/v2/client.js +13 -2
  2. package/package.json +1 -1
package/dist/v2/client.js CHANGED
@@ -12,8 +12,18 @@ export class V2BrantaClient {
12
12
  }
13
13
  const data = await response.json();
14
14
  const baseUrl = this._resolveBaseUrl(options);
15
+ const baseOrigin = new URL(baseUrl).origin;
15
16
  for (const payment of data) {
16
17
  payment.verify_url = this._buildVerifyUrl(baseUrl, address);
18
+ if (payment.platformLogoUrl) {
19
+ let valid = false;
20
+ try {
21
+ valid = new URL(payment.platformLogoUrl).origin === baseOrigin;
22
+ }
23
+ catch { /* invalid URL */ }
24
+ if (!valid)
25
+ throw new BrantaPaymentException("platformLogoUrl domain does not match the configured baseUrl domain");
26
+ }
17
27
  }
18
28
  return data;
19
29
  }
@@ -67,8 +77,9 @@ export class V2BrantaClient {
67
77
  }
68
78
  catch { /* not a URL */ }
69
79
  if (url) {
70
- const brantaId = url.searchParams.get('branta_id');
71
- const brantaSecret = url.searchParams.get('branta_secret');
80
+ const rawParams = new URLSearchParams(url.search.replace(/\+/g, '%2B'));
81
+ const brantaId = rawParams.get('branta_id');
82
+ const brantaSecret = rawParams.get('branta_secret');
72
83
  if (brantaId && brantaSecret) {
73
84
  return this.getZKPayment(brantaId, brantaSecret, options);
74
85
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@branta-ops/branta",
3
- "version": "0.0.7",
3
+ "version": "0.0.9",
4
4
  "description": "A JavaScript SDK for the Branta API",
5
5
  "homepage": "https://github.com/BrantaOps/branta-js#readme",
6
6
  "bugs": {