From 6179b3fbe06709f1cf3a4e54214a7dbb1543765e Mon Sep 17 00:00:00 2001 From: zomars Date: Mon, 1 Aug 2022 18:20:40 -0600 Subject: [PATCH] Fixes successRedirectUrl validation --- apps/web/pages/event-types/[type].tsx | 2 -- packages/prisma/zod-utils.ts | 19 ++++++++----------- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/apps/web/pages/event-types/[type].tsx b/apps/web/pages/event-types/[type].tsx index 99c1c5e95c..2bcd7747fe 100644 --- a/apps/web/pages/event-types/[type].tsx +++ b/apps/web/pages/event-types/[type].tsx @@ -854,7 +854,6 @@ const EventTypePage = (props: inferSSRProps) => { seatsPerTimeSlot, recurringEvent, locations, - successRedirectUrl, ...input } = values; @@ -868,7 +867,6 @@ const EventTypePage = (props: inferSSRProps) => { id: eventType.id, beforeEventBuffer: beforeBufferTime, afterEventBuffer: afterBufferTime, - successRedirectUrl: successRedirectUrl || undefined, seatsPerTimeSlot, metadata: { ...(smartContractAddress ? { smartContractAddress } : {}), diff --git a/packages/prisma/zod-utils.ts b/packages/prisma/zod-utils.ts index a6f96fad1c..bb84f58211 100644 --- a/packages/prisma/zod-utils.ts +++ b/packages/prisma/zod-utils.ts @@ -118,15 +118,12 @@ export const userMetadata = z * - XSS attempts through javascript:alert('hi') * - mailto: links */ -export function assertValidUrl(url: string) { - return url.startsWith("http://") && url.startsWith("https://"); -} - export const successRedirectUrl = z - .string() - .url() - .refine(assertValidUrl, { - path: ["successRedirectUrl"], - message: "Invalid URL", - }) - .nullish(); + .union([ + z.literal(""), + z + .string() + .url() + .regex(/^http(s)?:\/\/.*/), + ]) + .optional();