fix: xss #630

MrSwitch · Oct 22, 2020 · f41fa67 · f41fa67
1 parent 3d694a9
commit f41fa67
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/hello.js b/src/hello.js
@@ -1304,7 +1304,9 @@ hello.utils.extend(hello.utils, {
 			// Redirect to the host
 			var path = _this.qs(state.oauth_proxy, p);
 
-			location.assign(path);
+			if (isValidUrl(path)) {
+				location.assign(path);
+			}
 
 			return;
 		}