Skip to content

Commit 2ce321c

Browse files
committed
fix: properly sanitize urls to prevent xss
1 parent aa65cd8 commit 2ce321c

1 file changed

Lines changed: 8 additions & 3 deletions

File tree

static/assets/js/main.js

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -94,14 +94,19 @@ document.addEventListener("DOMContentLoaded", () => {
9494
// Event Key Logic
9595
const eventKey = JSON.parse(localStorage.getItem("eventKey")) || ["`"];
9696
const rawPLink = localStorage.getItem("pLink") || "https://classroom.google.com/";
97-
const pLink = reconstructSafeUrl(rawPLink) ?? "https://classroom.google.com/";
98-
let pressedKeys = [];
97+
const safePLink = reconstructSafeUrl(rawPLink) ?? "https://classroom.google.com/";
98+
99+
const panicAnchor = document.createElement("a");
100+
panicAnchor.href = safePLink;
101+
panicAnchor.style.display = "none";
102+
document.body.appendChild(panicAnchor);
99103

104+
let pressedKeys = [];
100105
document.addEventListener("keydown", event => {
101106
pressedKeys.push(event.key);
102107
const recentKeys = pressedKeys.slice(-eventKey.length);
103108
if (recentKeys.length === eventKey.length && eventKey.every((key, i) => key === recentKeys[i])) {
104-
window.location.replace(pLink);
109+
panicAnchor.click();
105110
pressedKeys = [];
106111
}
107112
});

0 commit comments

Comments
 (0)