Merge pull request #7069 from topcoder-platform/pm-714

fix(PM-714): encode uri return url to fix xss dom error
topcoder-platform · Feb 18, 2025 · 578141f · 578141f
2 parents 5c9ca46 + 6e7d2a0
commit 578141f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/shared/containers/tc-communities/tco20/Header.jsx b/src/shared/containers/tc-communities/tco20/Header.jsx
@@ -25,8 +25,8 @@ function TCO20Header(props) {
           </React.Fragment>
         ) : (
           <React.Fragment>
-            <a href={`${config.URL.AUTH}/member?utm_source=TCO20site&retUrl=${getCurrentUrl()}`} className={defaultStyle.loginLink}>LOGIN</a>
-            <a href={`${config.URL.AUTH}/member/registration?utm_source=TCO20site&retUrl=${getCurrentUrl()}`} className={defaultStyle.signUpLink}>SIGN UP</a>
+            <a href={`${config.URL.AUTH}/member?utm_source=TCO20site&retUrl=${encodeURIComponent(getCurrentUrl())}`} className={defaultStyle.loginLink}>LOGIN</a>
+            <a href={`${config.URL.AUTH}/member/registration?utm_source=TCO20site&retUrl=${encodeURIComponent(getCurrentUrl())}`} className={defaultStyle.signUpLink}>SIGN UP</a>
           </React.Fragment>
         )
       }

diff --git a/src/shared/utils/url.js b/src/shared/utils/url.js
@@ -14,7 +14,7 @@ import { BUCKETS } from 'utils/challenge-listing/buckets';
  */
 export function getCurrentUrl() {
   if (isomorphy.isServerSide()) return null;
-  const url = window.location.href;
+  const url = window.location.origin + window.location.pathname;
 
   if (typeof url === 'string' && url.startsWith('http')) {
     return url;