From 0039d4aaea711a56030cecba49ea97070577c12b Mon Sep 17 00:00:00 2001
From: Kyle Spearrin <kspearrin@users.noreply.github.com>
Date: Tue, 9 Nov 2021 12:26:17 -0500
Subject: [PATCH] url encode data from msg_handler content script (#2170)

---
 src/background/runtime.background.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/background/runtime.background.ts b/src/background/runtime.background.ts
index be8441ea52..41bb287d5f 100644
--- a/src/background/runtime.background.ts
+++ b/src/background/runtime.background.ts
@@ -138,7 +138,7 @@ export default class RuntimeBackground {
 
                 try {
                     BrowserApi.createNewTab('popup/index.html?uilocation=popout#/sso?code=' +
-                        msg.code + '&state=' + msg.state);
+                        encodeURIComponent(msg.code) + '&state=' + encodeURIComponent(msg.state));
                 }
                 catch {
                     this.logService.error('Unable to open sso popout tab');
@@ -151,7 +151,8 @@ export default class RuntimeBackground {
                     return;
                 }
 
-                const params = `webAuthnResponse=${encodeURIComponent(msg.data)};remember=${msg.remember}`;
+                const params = `webAuthnResponse=${encodeURIComponent(msg.data)};` +
+                    `remember=${encodeURIComponent(msg.remember)}`;
                 BrowserApi.createNewTab(`popup/index.html?uilocation=popout#/2fa;${params}`, undefined, false);
                 break;
             case 'reloadPopup':