web-manager 3.0.4 → 3.0.5
Sign up to get free protection for your applications and to get access to all the features.
- package/index.js +14 -5
- package/package.json +1 -1
package/index.js
CHANGED
|
@@ -287,10 +287,17 @@ function Manager() {
|
|
|
287
287
|
}
|
|
288
288
|
}
|
|
289
289
|
|
|
290
|
+
function _isValidRedirectUrl(This, url) {
|
|
291
|
+
var returnUrlObject = new URL(decodeURIComponent(url));
|
|
292
|
+
var currentUrlObject = new URL(window.location.href);
|
|
293
|
+
return returnUrlObject.host === currentUrlObject.host
|
|
294
|
+
|| returnUrlObject.protocol === This.properties.global.app + ':'
|
|
295
|
+
}
|
|
296
|
+
|
|
290
297
|
function _authHandle_in_normal(This, user) {
|
|
291
298
|
var domLib = This.dom();
|
|
292
299
|
var returnUrl = This.properties.page.queryString.get('auth_redirect');
|
|
293
|
-
if (returnUrl) {
|
|
300
|
+
if (returnUrl && _isValidRedirectUrl(This, returnUrl)) {
|
|
294
301
|
window.location.href = decodeURIComponent(returnUrl);
|
|
295
302
|
return;
|
|
296
303
|
}
|
|
@@ -624,11 +631,13 @@ function Manager() {
|
|
|
624
631
|
This.properties.page.queryString = new URLSearchParams(window.location.search);
|
|
625
632
|
var pageQueryString = This.properties.page.queryString
|
|
626
633
|
var pagePathname = window.location.pathname;
|
|
627
|
-
|
|
628
|
-
|
|
634
|
+
var qsAff = pageQueryString.get('aff');
|
|
635
|
+
if (qsAff) {
|
|
636
|
+
This.storage().set('auth.affiliateCode', qsAff);
|
|
629
637
|
}
|
|
630
|
-
|
|
631
|
-
|
|
638
|
+
var qsRedirect = pageQueryString.get('redirect');
|
|
639
|
+
if (qsRedirect && _isValidRedirectUrl(This, qsRedirect)) {
|
|
640
|
+
window.location.href = decodeURIComponent(qsRedirect);
|
|
632
641
|
return;
|
|
633
642
|
}
|
|
634
643
|
var authRegex = /\/(signin|signup|forgot)\//;
|
package/package.json
CHANGED