diff options
| author | James Feist <james.feist@linux.intel.com> | 2020-02-10 09:25:07 -0800 |
|---|---|---|
| committer | Gunnar Mills <gmills@us.ibm.com> | 2020-02-11 16:43:02 +0000 |
| commit | b0a0847a8eb02ae21f755942799a81c6e3475e64 (patch) | |
| tree | 11308d08bd2e0ad95d47fd8ffbad934fc2e58375 | |
| parent | 425ed044e9422ad17e8d1924387620cd3d925f37 (diff) | |
| download | phosphor-webui-b0a0847a8eb02ae21f755942799a81c6e3475e64.tar.gz phosphor-webui-b0a0847a8eb02ae21f755942799a81c6e3475e64.zip | |
Block forwarding to non-local url
Currently we don't protect against forwarding to remote
url, so things like:
https://<bmc-address>/#/login?next=http:%2F%2Fyahoo.com
can be used to forward an unsuspecting user to a different
url. This fixes that issue.
Tested: Local redirects still work, above link does not
Closes #109
Change-Id: I4d6c52880156802860f405af43037fb84235912f
Signed-off-by: James Feist <james.feist@linux.intel.com>
| -rw-r--r-- | app/login/controllers/login-controller.js | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/login/controllers/login-controller.js b/app/login/controllers/login-controller.js index 7867a0c..350429b 100644 --- a/app/login/controllers/login-controller.js +++ b/app/login/controllers/login-controller.js @@ -40,7 +40,9 @@ window.angular && (function(angular) { if (status) { $scope.$emit('user-logged-in', {}); var next = $location.search().next; - if (next === undefined || next == null) { + // don't allow forwarding to non-local urls + if (next === undefined || next == null || + next.indexOf('//') >= 0) { $window.location.hash = '#/overview/server'; } else { $window.location.href = next; |
