diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-30 11:42:13 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-30 11:42:37 +0000 |
| commit | 33e4d44c11427a31ada41e7a0757d35f03d62ce7 (patch) | |
| tree | e098358958160304d5896eb4e145fe8728d1866f /app/assets | |
| parent | 814aa80c3a0af2b1eaa402116cff49dd14fda2dd (diff) | |
| download | gitlab-ce-33e4d44c11427a31ada41e7a0757d35f03d62ce7.tar.gz | |
Add latest changes from gitlab-org/security/gitlab@14-0-stable-ee
Diffstat (limited to 'app/assets')
| -rw-r--r-- | app/assets/javascripts/lib/utils/url_utility.js | 24 | ||||
| -rw-r--r-- | app/assets/javascripts/releases/components/app_edit_new.vue | 9 |
2 files changed, 32 insertions, 1 deletions
diff --git a/app/assets/javascripts/lib/utils/url_utility.js b/app/assets/javascripts/lib/utils/url_utility.js index 48abc072675..d68b41b7f7a 100644 --- a/app/assets/javascripts/lib/utils/url_utility.js +++ b/app/assets/javascripts/lib/utils/url_utility.js @@ -545,3 +545,27 @@ export function getURLOrigin(url) { return null; } } + +/** + * Returns `true` if the given `url` resolves to the same origin the page is served + * from; otherwise, returns `false`. + * + * The `url` may be absolute or relative. + * + * @param {string} url The URL to check. + * @returns {boolean} + */ +export function isSameOriginUrl(url) { + if (typeof url !== 'string') { + return false; + } + + const { origin } = window.location; + + try { + return new URL(url, origin).origin === origin; + } catch { + // Invalid URLs cannot have the same origin + return false; + } +} diff --git a/app/assets/javascripts/releases/components/app_edit_new.vue b/app/assets/javascripts/releases/components/app_edit_new.vue index aecd0d6371e..3774f97a060 100644 --- a/app/assets/javascripts/releases/components/app_edit_new.vue +++ b/app/assets/javascripts/releases/components/app_edit_new.vue @@ -2,6 +2,7 @@ import { GlButton, GlFormInput, GlFormGroup, GlSprintf } from '@gitlab/ui'; import { mapState, mapActions, mapGetters } from 'vuex'; import { getParameterByName } from '~/lib/utils/common_utils'; +import { isSameOriginUrl } from '~/lib/utils/url_utility'; import { __ } from '~/locale'; import MilestoneCombobox from '~/milestones/components/milestone_combobox.vue'; import { BACK_URL_PARAM } from '~/releases/constants'; @@ -65,7 +66,13 @@ export default { }, }, cancelPath() { - return getParameterByName(BACK_URL_PARAM) || this.releasesPagePath; + const backUrl = getParameterByName(BACK_URL_PARAM); + + if (isSameOriginUrl(backUrl)) { + return backUrl; + } + + return this.releasesPagePath; }, saveButtonLabel() { return this.isExistingRelease ? __('Save changes') : __('Create release'); |