
[WT-2027] Sanitize url check (#1319)
deepti-imx authored Jan 8, 2024
1 parent 10a79bb commit 5efad06
Showing 2 changed files with 8 additions and 4 deletions.
Expand Up @@ -3,14 +3,15 @@ import {
} from 'react';
import { StandardAnalyticsActions } from '@imtbl/react-analytics';

import * as url from 'url';
import { TransakEvent, TransakEvents, TransakStatuses } from './TransakEvents';
import {
AnalyticsControlTypes,
UserJourney,
useAnalytics,
} from '../../context/analytics-provider/SegmentAnalyticsProvider';

const TRANSAK_ORIGIN = 'transak.com';
export const TRANSAK_ORIGIN = ['global.transak.com', 'global-stg.transak.com'];
const FAILED_TO_LOAD_TIMEOUT_IN_MS = 10000;

export type TransakEventHandlers = {
Expand Down Expand Up @@ -147,8 +148,9 @@ export const useTransakEvents = (props: UseTransakEventsProps) => {

const handleMessageEvent = useCallback(
(event: MessageEvent) => {
const host = url.parse(event.origin)?.host?.toLowerCase();
const isTransakEvent = event.source === ref?.current?.contentWindow
&& event.origin.toLowerCase().includes(TRANSAK_ORIGIN);
&& host && TRANSAK_ORIGIN.includes(host);

if (!isTransakEvent) return;

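Review bot: The new `host` comparison in handleMessageEvent validates only the host part of `event.origin`, so an origin with a different scheme (e.g. `http://global.transak.com`) still passes once the `event.source` check is satisfied; comparing the origin string itself against full origins is stricter and removes the parsing step entirely: `export const TRANSAK_ORIGIN = ['https://global.transak.com', 'https://global-stg.transak.com'];` and `&& TRANSAK_ORIGIN.includes(event.origin.toLowerCase())`. `url.parse` is also the deprecated legacy Node parser (a polyfill once bundled for the browser), and the `?.` after it is redundant because it returns an object; if a parsed host is preferred, `new URL(event.origin).host` is the WHATWG equivalent, but it throws on opaque origins such as the string `'null'`, so it would need a try/catch. The OnRampMain section below makes the same host-only comparison. handleMessageEvent's body continues outside the hunk.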
Expand Up @@ -4,6 +4,7 @@ import {
useContext, useEffect, useMemo, useState,
} from 'react';
import { ExchangeType } from '@imtbl/checkout-sdk';
import url from 'url';
import { HeaderNavigation } from '../../../components/Header/HeaderNavigation';
import { SimpleLayout } from '../../../components/SimpleLayout/SimpleLayout';
import { sendOnRampWidgetCloseEvent } from '../OnRampWidgetEvents';
Expand All @@ -17,9 +18,9 @@ import {
import { TransakEventData, TransakEvents, TransakStatuses } from '../TransakEvents';
import { ConnectLoaderContext } from '../../../context/connect-loader-context/ConnectLoaderContext';
import { EventTargetContext } from '../../../context/event-target-context/EventTargetContext';
import { TRANSAK_ORIGIN } from '../../../components/Transak/useTransakEvents';

const transakIframeId = 'transak-iframe';
const transakOrigin = 'transak.com';
const IN_PROGRESS_VIEW_DELAY_MS = 1200;
interface OnRampProps {
showIframe: boolean;
Expand Down Expand Up @@ -214,8 +215,9 @@ export function OnRampMain({
const handleTransakEvents = (event: any) => {
if (!domIframe) return;

const host = url.parse(event.origin)?.host?.toLowerCase();
if (event.source === domIframe.contentWindow
&& event.origin.toLowerCase().includes(transakOrigin)) {
&& host && TRANSAK_ORIGIN.includes(host)) {
trackSegmentEvents(event.data, userWalletAddress, userEmail);
transakEventHandler(event.data);
}
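Review bot: `handleTransakEvents` keeps its `event: any` parameter, so `event.origin` reaches `url.parse` unchecked; typing it as `(event: MessageEvent)` as the sibling hook in useTransakEvents does gives `origin` the `string` type the parser expects (the legacy parser appears to throw on a non-string argument) and types `event.source` for the contentWindow comparison. The two files also import the module differently — `import url from 'url'` here versus `import * as url from 'url'` in useTransakEvents — and the default-import form depends on interop settings for a CommonJS module, so one form should be used in both. handleTransakEvents's body and the enclosing OnRampMain continue outside the hunk.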
