mirror of https://github.com/bitwarden/browser synced 2024-12-25 17:32:46 +01:00

sanitize data inputs for captcha connector (#1284)

Kyle Spearrin 2021-11-09 12:16:10 -05:00 committed by GitHub
parent f8aea1e861
commit 83fed7d66f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -19,7 +19,7 @@ document.addEventListener('DOMContentLoaded', () => {
let parentUrl: string = null; let parentUrl: string = null;
let parentOrigin: string = null; let parentOrigin: string = null;
let callbackUri: string = null; let mobileResponse: boolean = null;
let sentSuccess = false; let sentSuccess = false;
async function init() { async function init() {
@ -53,13 +53,13 @@ async function start() {
error('Cannot parse data.'); error('Cannot parse data.');
return; return;
} }
callbackUri = decodedData.callbackUri; mobileResponse = decodedData.callbackUri != null || decodedData.mobile === true;
let src = 'https://hcaptcha.com/1/api.js?render=explicit'; let src = 'https://hcaptcha.com/1/api.js?render=explicit';
// Set language code // Set language code
if (decodedData.locale) { if (decodedData.locale) {
src += `&hl=${decodedData.locale ?? 'en'}`; src += `&hl=${encodeURIComponent(decodedData.locale) ?? 'en'}`;
} }
// Set captchaRequired subtitle for mobile // Set captchaRequired subtitle for mobile
@ -74,7 +74,7 @@ async function start() {
script.defer = true; script.defer = true;
script.addEventListener('load', e => { script.addEventListener('load', e => {
hcaptcha.render('captcha', { hcaptcha.render('captcha', {
sitekey: decodedData.siteKey, sitekey: encodeURIComponent(decodedData.siteKey),
callback: 'captchaSuccess', callback: 'captchaSuccess',
'error-callback': 'captchaError', 'error-callback': 'captchaError',
}); });
@ -84,8 +84,8 @@ async function start() {
} }
function captchaSuccess(response: string) { function captchaSuccess(response: string) {
if (callbackUri) { if (mobileResponse) {
document.location.replace(callbackUri + '?token=' + encodeURIComponent(response)); document.location.replace('bitwarden://captcha-callback?token=' + encodeURIComponent(response));
} else { } else {
success(response); success(response);
} }
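Review bot: In the `hcaptcha.render` options, `sitekey: encodeURIComponent(decodedData.siteKey)` URL-encodes a value that is passed as a JavaScript option rather than placed in a URL, and a missing key becomes the literal string `undefined` instead of being rejected. Checking the value before the script element is created would fail closed, for example `if (typeof decodedData.siteKey !== 'string' || decodedData.siteKey === '') { error('Cannot parse data.'); return; }`. In the locale hunk the `?? 'en'` fallback can never apply, because `encodeURIComponent` always returns a string and the line already sits inside `if (decodedData.locale)`; it can be dropped. `start()` begins and ends outside the visible hunks, so the exact placement of the check needs confirming against the full function.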