
Commit 9493fa4

committed
validate url
1 parent 91c1deb commit 9493fa4

1 file changed

Lines changed: 14 additions & 4 deletions


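--- a/src/components/SupportUsButton.tsx
+++ b/src/components/SupportUsButton.tsx
@@ -48,6 +48,16 @@ function getButtonClasses(buttonVariant: ButtonVariant): string {
 return `${base} bg-primary hover:bg-primary/90 text-black font-black py-4 transition-all active:scale-[0.98] shadow-lg shadow-primary/20`;
 }
 
+// Helper function to validate URLs and prevent XSS through 'javascript:' protocol
+function validateUrl(url?: string): string | undefined {
+if (!url) return undefined;
+const lowerUrl = url.toLowerCase();
+if (lowerUrl.startsWith("http://") || lowerUrl.startsWith("https://")) {
+return url;
+}
+return undefined;
+}
+
 // Main component function that renders the support us button, taking in various props for customization and rendering different sections such as hero, organization information, sponsors, and call-to-action based on the provided data and selected theme and button variant
 function SupportUsButton({
 Theme = "AOSSIE",
@@ -193,9 +203,9 @@ function SupportUsButton({
 </div>
 
 {/* Visit Organization Button */}
-{organizationInformation.url && (
+{validateUrl(organizationInformation.url) && (
 <a
-href={organizationInformation.url}
+href={validateUrl(organizationInformation.url)}
 target="_blank"
 rel="noopener noreferrer"
 title={`Visit ${organizationInformation.name}'s website`}
@@ -309,7 +319,7 @@ function SupportUsButton({
 <div className="flex flex-row flex-wrap justify-center items-center gap-10 z-10">
 {sponsors.map((sponsor, index) => (
 <a
-href={sponsor.link}
+href={validateUrl(sponsor.link)}
 key={index}
 target="_blank"
 rel="noopener noreferrer"
@@ -452,7 +462,7 @@ function SupportUsButton({
 <div className="flex flex-wrap justify-center items-center gap-5 mt-8">
 {ctaSection.sponsorLink.map((link, index) => (
 <a
-href={link.url}
+href={validateUrl(link.url)}
 key={index}
 {...(link.newTab && { target: "_blank" })}
 rel="noopener noreferrer"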
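Review bot: The sponsor and CTA hunks (`href={validateUrl(sponsor.link)}`, `href={validateUrl(link.url)}`) still render the `<a>` when the helper returns `undefined`, so a rejected link becomes an anchor with no `href` rather than being omitted, which is inconsistent with the organization hunk that guards rendering on the validated value. In that organization hunk the helper is also evaluated twice per render; assigning it once, `const orgUrl = validateUrl(organizationInformation.url);` and using `orgUrl` in both the condition and the `href`, avoids the duplication and keeps the two in sync. The helper's comment should state the actual contract, since it is an allowlist rather than a `javascript:` blocklist: `// Accepts only absolute http(s) URLs; anything else (javascript:, data:, vbscript:, protocol-relative or relative paths) yields undefined so untrusted link data cannot execute script via href` — note that this also means any sponsor or CTA links that were previously relative paths will now lose their href, which may be intended but is worth confirming. The enclosing SupportUsButton function starts and ends outside these hunks.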
