Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2024-09-12 01:48:21 +02:00
Code Issues Projects Releases Wiki Activity

sanitize data inputs for captcha connector (#1284)

Browse Source
This commit is contained in:
Kyle Spearrin 2021-11-09 12:16:10 -05:00 committed by GitHub
parent f8aea1e861
commit 83fed7d66f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/connectors/captcha.ts
View File

@ -19,7 +19,7 @@ document.addEventListener('DOMContentLoaded', () => {
let parentUrl: string = null;
let parentOrigin: string = null;
let callbackUri: string = null;
let mobileResponse: boolean = null;
let sentSuccess = false;
async function init() {
@ -53,13 +53,13 @@ async function start() {
error('Cannot parse data.');
return;
}
callbackUri = decodedData.callbackUri;
mobileResponse = decodedData.callbackUri != null || decodedData.mobile === true;
let src = 'https://hcaptcha.com/1/api.js?render=explicit';
// Set language code
if (decodedData.locale) {
src += `&hl=${decodedData.locale ?? 'en'}`;
src += `&hl=${encodeURIComponent(decodedData.locale) ?? 'en'}`;
}
// Set captchaRequired subtitle for mobile
@ -74,7 +74,7 @@ async function start() {
script.defer = true;
script.addEventListener('load', e => {
hcaptcha.render('captcha', {
sitekey: decodedData.siteKey,
sitekey: encodeURIComponent(decodedData.siteKey),
callback: 'captchaSuccess',
'error-callback': 'captchaError',
});
@ -84,8 +84,8 @@ async function start() {
}
function captchaSuccess(response: string) {
if (callbackUri) {
document.location.replace(callbackUri + '?token=' + encodeURIComponent(response));
if (mobileResponse) {
document.location.replace('bitwarden://captcha-callback?token=' + encodeURIComponent(response));
} else {
success(response);
}