fix: sanitize share urls (#893)

capsulesocial · Jun 3, 2022 · 260d3e3 · 260d3e3
1 parent c43aeb9
commit 260d3e3
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 7 deletions.
diff --git a/package.json b/package.json
@@ -52,6 +52,7 @@
  "postinstall": "husky install"
  },
  "dependencies": {
+ "@braintree/sanitize-url": "^6.0.0",
  "@nuxtjs/dotenv": "^1.4.1",
  "@tailwindcss/typography": "^0.4.1",
  "@toruslabs/customauth": "^9.0.0",

diff --git a/src/components/popups/SharePopup.vue b/src/components/popups/SharePopup.vue
@@ -150,6 +150,7 @@
 
 <script lang="ts">
 import Vue from 'vue'
+import { sanitizeUrl } from '@braintree/sanitize-url'
 import CloseIcon from '@/components/icons/X.vue'
 import TwitterIcon from '@/components/icons/brands/solid/Twitter.vue'
 import FacebookIcon from '@/components/icons/brands/solid/Facebook.vue'
@@ -278,24 +279,28 @@ export default Vue.extend({
  },
  twitterShare() {
  window.open(
- `https://twitter.com/share?url=${encodeURIComponent(this.generatedDirectLink)}&hashtags=blogchain&text=${
- this.title
- } by ${this.authorID}`,
+ sanitizeUrl(
+ `https://twitter.com/share?url=${encodeURIComponent(this.generatedDirectLink)}&hashtags=blogchain&text=${
+ this.title
+ } by ${this.authorID}`,
+ ),
  )
  },
  linkedinShare() {
  window.open(
- `https://www.linkedin.com/shareArticle?url=${this.generatedDirectLink}&title=${this.title}&summary=${this.subtitle}&source=blogchain.app`,
+ sanitizeUrl(
+ `https://www.linkedin.com/shareArticle?url=${this.generatedDirectLink}&title=${this.title}&summary=${this.subtitle}&source=blogchain.app`,
+ ),
  )
  },
  facebookShare() {
- window.open(`https://www.facebook.com/sharer/sharer.php?u=${this.generatedDirectLink}`)
+ window.open(sanitizeUrl(`https://www.facebook.com/sharer/sharer.php?u=${this.generatedDirectLink}`))
  },
  redditShare() {
- window.open(`https://reddit.com/submit?url=${this.generatedDirectLink}&title=${this.title}`)
+ window.open(sanitizeUrl(`https://reddit.com/submit?url=${this.generatedDirectLink}&title=${this.title}`))
  },
  mailShare() {
- window.open(`mailto:?subject=${this.title}&body=${this.subtitle}%0D%0A%0D%0A${this.generatedDirectLink}`)
+ window.open(sanitizeUrl(`mailto:?subject=${this.title}%0D%0A%0D%0A${this.generatedDirectLink}`))
  },
  },
 })

diff --git a/yarn.lock b/yarn.lock
@@ -939,6 +939,11 @@
  "@babel/helper-validator-identifier" "^7.16.7"
  to-fast-properties "^2.0.0"
 
+"@braintree/sanitize-url@^6.0.0":
+ version "6.0.0"
+ resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.0.tgz#fe364f025ba74f6de6c837a84ef44bdb1d61e68f"
+ integrity sha512-mgmE7XBYY/21erpzhexk4Cj1cyTQ9LzvnTxtzM17BJ7ERMNE6W72mQRo0I1Ud8eFJ+RVVIcBNhLFZ3GX4XFz5w==
+
 "@chainsafe/libp2p-noise@^5.0.0", "@chainsafe/libp2p-noise@^5.0.1":
  version "5.0.3"
  resolved "https://registry.yarnpkg.com/@chainsafe/libp2p-noise/-/libp2p-noise-5.0.3.tgz#d9fbdef7cb3fada7ba467e3495ca74a0710d6274"