2017-12-12 17:44:20 +08:00
|
|
|
define(['/api/config'], function (ApiConfig) {
|
2017-12-12 17:47:01 +08:00
|
|
|
if (ApiConfig.httpSafeOrigin !== window.location.origin) {
|
2017-08-28 18:25:05 +08:00
|
|
|
window.alert('The bounce application must only be used from the sandbox domain, ' +
|
|
|
|
|
'please report this issue on https://github.com/xwiki-labs/cryptpad');
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
var bounceTo = decodeURIComponent(window.location.hash.slice(1));
|
2017-12-22 21:58:44 +08:00
|
|
|
if (!bounceTo) {
|
|
|
|
|
window.alert('The bounce application must only be used with a valid href to visit');
|
|
|
|
|
return;
|
|
|
|
|
}
|
2018-11-14 00:22:34 +08:00
|
|
|
if (bounceTo.indexOf('javascript:') === 0 || // jshint ignore:line
|
|
|
|
|
bounceTo.indexOf('vbscript:') === 0 || // jshint ignore:line
|
2018-11-13 21:18:09 +08:00
|
|
|
bounceTo.indexOf('data:') === 0) {
|
|
|
|
|
window.alert('Illegal bounce URL');
|
|
|
|
|
return;
|
|
|
|
|
}
|
2017-11-27 19:17:35 +08:00
|
|
|
window.opener = null;
|
2017-08-28 18:25:05 +08:00
|
|
|
window.location.href = bounceTo;
|
2017-11-23 19:28:49 +08:00
|
|
|
});
|
