Add URL sanitizer to avoid javascript: XSS attack vector

2017-10-30 17:43:23 -07:00
parent 4eae9b681b
commit afa615e01d
6 changed files with 22 additions and 12 deletions
--- a/src/core/utils.js
+++ b/src/core/utils.js
@@ -1,5 +1,5 @@
 import Im from "immutable"
-
+import { sanitizeUrl as braintreeSanitizeUrl } from "@braintree/sanitize-url"
 import camelCase from "lodash/camelCase"
 import upperFirst from "lodash/upperFirst"
 import _memoize from "lodash/memoize"
@@ -722,6 +722,10 @@ export const shallowEqualKeys = (a,b, keys) => {
  })
 }

+export function sanitizeUrl(url) {
+  return braintreeSanitizeUrl(url)
+}
+
 export function getAcceptControllingResponse(responses) {
  if(!Im.OrderedMap.isOrderedMap(responses)) {
    // wrong type!