sinvo/docmost
1
0
Fork 0
mirror of https://github.com/docmost/docmost.git synced 2026-05-21 01:04:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: bug fixes (#2201)

Browse Source 
* fix(editor): hide transclusion borders and reset spacing in read-only mode

* feat(share): add full width toggle for shared pages

* feat(share): support resizing sidebar on shared pages

* fix: auto redirect if there is only one SSO provider.
- fix tighten sso redirect
- fix share tree margin

* sync

* package overrides
This commit is contained in:
Philip Okugbe
2026-05-14 02:54:00 +01:00
committed by GitHub
parent cea9be7926
commit 299a9ca3c8
15 changed files with 696 additions and 822 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/client/src/lib/app-route.ts
+30 -12
View File
@@ -31,20 +31,38 @@ const APP_ROUTE = {
},
};
export function safeRedirectPath(input: unknown): string | null {
if (typeof input !== "string") return null;
if (input.length === 0 || input.length > 2048) return null;
// Reject whitespace, backslash, and any Unicode "Other" category char
// (ASCII controls, zero-width space, BOM, bidi marks, etc).
if (/[\s\\]|\p{C}/u.test(input)) return null;
if (!input.startsWith("/") || input.startsWith("//")) return null;
if (input.toLowerCase().includes("://")) return null;
if (/^\/[a-z][a-z0-9+\-.]*:/i.test(input)) return null;
try {
const resolved = new URL(input, window.location.origin);
if (resolved.origin !== window.location.origin) return null;
return resolved.pathname + resolved.search + resolved.hash;
} catch {
return null;
}
}
export function getPostLoginRedirect(): string {
const params = new URLSearchParams(window.location.search);
const redirect = params.get("redirect");
if (redirect) {
try {
const resolved = new URL(redirect, window.location.origin);
if (resolved.origin === window.location.origin) {
return resolved.pathname + resolved.search + resolved.hash;
}
} catch {
// malformed URL, fall through to default
}
}
return APP_ROUTE.HOME;
return safeRedirectPath(params.get("redirect")) ?? APP_ROUTE.HOME;
}
/**
* Returns the `?redirect=` value from the current URL only when it is a safe
* same-origin path. Unlike {@link getPostLoginRedirect} this returns `null`
* (not `/home`) when no redirect is present, so callers can distinguish
* "user came here directly" from "user was bounced from a deep link".
*/
export function getRedirectParam(): string | null {
const params = new URLSearchParams(window.location.search);
return safeRedirectPath(params.get("redirect"));
}
export default APP_ROUTE;