From 9db44beada425b9de741b981084371fdc0543482 Mon Sep 17 00:00:00 2001
From: Hentry Martin
Date: Thu, 12 Dec 2024 19:22:54 +0100
Subject: [PATCH] fix: poor validation cross site scripting
---
 src/routes.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/routes.js b/src/routes.js
index f4ca4487..01716670 100644
--- a/src/routes.js
+++ b/src/routes.js
@@ -94,9 +94,9 @@ class Routes extends React.Component {
 getFreshToken().then((token) => {
 this.props.saveToken(token)
 }).catch((error) => {
- console.error(error)
- const redirectBackToUrl = window.location.origin + this.props.location.pathname
- window.location = ACCOUNTS_APP_LOGIN_URL + '?retUrl=' + redirectBackToUrl
+ console.error(error.message)
+ const redirectBackToUrl = encodeURIComponent(window.location.origin + this.props.location.pathname)
+ window.location = `${ACCOUNTS_APP_LOGIN_URL}?retUrl=${redirectBackToUrl}`
 })
 }
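Review bot: In the `.catch` handler, `console.error(error.message)` assumes the rejection value is an Error: if `getFreshToken()` ever rejects with `undefined` or `null`, the property access throws before `window.location` is assigned and the user is never sent to the login page, and for any other non-Error value it logs `undefined`. Using `console.error(error && error.message ? error.message : error)` keeps the reduced log output while staying safe for those cases. Separately, `encodeURIComponent` only keeps the path from adding extra query parameters to the login URL; it validates nothing, so the cross-site scripting issue named in the subject is presumably closed only if the accounts app that reads `retUrl` checks it against an allowlist of origins and schemes, which is not visible in this patch. The enclosing method of `Routes` begins and ends outside the hunk.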