CVE-2023-3294: Merge pull request from GHSA-wq85-q492-8vxv · saleor/react-storefront@c29aab2

Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7.

Expand Up @@ -40,8 +40,6 @@ function LoginPage() { } = useForm<LoginFormData>({ defaultValues });
const routerQueryNext = router.query.next?.toString() || ""; const isExternalUrl = /^\w+:\/\//.test(routerQueryNext); const redirectURL = !routerQueryNext || isExternalUrl ? paths.$url() : routerQueryNext;
const handleLogin = handleSubmitForm(async (formData: LoginFormData) => { const { data } = await signIn({ Expand All @@ -54,6 +52,9 @@ function LoginPage() { return; }
const redirectURL = (routerQueryNext && new URL(routerQueryNext, window.location.toString()).pathname) || paths.$url(); void router.push(redirectURL); });
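
Review bot: the removed `isExternalUrl` test in the first hunk, `/^\w+:\/\//`, only recognised a scheme that is followed by `//`, so any other scheme form in `next` was treated as an internal path. Since that is the gap this change closes, add a regression test for how `next` is handled and a short comment at the new `redirectURL` line stating that only the parsed pathname is trusted.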
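
Review bot: `new URL(routerQueryNext, window.location.toString())` in the second hunk can throw a `TypeError` on a malformed `next` value, and it runs inside the async `handleLogin` callback after the `signIn` call, so a bad parameter would leave the user on the login page with an unhandled rejection instead of a redirect. Wrap the parse in try/catch and fall back to `paths.$url()`. Taking only `.pathname` also drops any query string and fragment from a legitimate `next` target; if those are needed, append `.search` and `.hash` from the same parsed URL object rather than from the raw parameter.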