From e294d589187c19991f5069dde080ac0415818abe Mon Sep 17 00:00:00 2001
From: Ludovic Levalleux <levalleux_ludo@hotmail.com>
Date: Fri, 21 Apr 2023 14:05:41 +0100
Subject: [PATCH] fix: tabnapping protection

---
 src/components/detail/DetailWidget/TokenGated.tsx      |  4 +++-
 .../disputeResolver/ManageDisputes/DisputesTable.tsx   |  3 ++-
 src/components/footer/Footer.tsx                       |  8 +++++---
 src/components/toasts/SuccessTransactionToast.tsx      |  3 ++-
 src/pages/profile/seller/SellerSocial.tsx              | 10 ++++++++--
 5 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/src/components/detail/DetailWidget/TokenGated.tsx b/src/components/detail/DetailWidget/TokenGated.tsx
index 4356f18a1..7743b2740 100644
--- a/src/components/detail/DetailWidget/TokenGated.tsx
+++ b/src/components/detail/DetailWidget/TokenGated.tsx
@@ -7,6 +7,7 @@ import { CONFIG } from "../../../lib/config";
 import { colors } from "../../../lib/styles/colors";
 import { Offer } from "../../../lib/types/offer";
 import { IPrice } from "../../../lib/utils/convertPrice";
+import { sanitizeUrl } from "../../../lib/utils/url";
 import { useCoreSDK } from "../../../lib/utils/useCoreSdk";
 import { useConvertedPrice } from "../../price/useConvertedPrice";
 import Grid from "../../ui/Grid";
@@ -176,8 +177,9 @@ const TokenGated = ({
               </LockInfoDesc>
               <LockInfoDesc>
                 <a
-                  href={openseaLinkToOriginalMainnetCollection}
+                  href={sanitizeUrl(openseaLinkToOriginalMainnetCollection)}
                   target="_blank"
+                  rel="noopener noreferrer"
                 >
                   {openseaLinkToOriginalMainnetCollection}
                 </a>
diff --git a/src/components/disputeResolver/ManageDisputes/DisputesTable.tsx b/src/components/disputeResolver/ManageDisputes/DisputesTable.tsx
index 47e65ca5c..2cb50805e 100644
--- a/src/components/disputeResolver/ManageDisputes/DisputesTable.tsx
+++ b/src/components/disputeResolver/ManageDisputes/DisputesTable.tsx
@@ -14,6 +14,7 @@ import copyToClipboard from "../../../lib/utils/copyToClipboard";
 import { getDateTimestamp } from "../../../lib/utils/getDateTimestamp";
 import { Disputes } from "../../../lib/utils/hooks/useExchanges";
 import { useKeepQueryParamsNavigate } from "../../../lib/utils/hooks/useKeepQueryParamsNavigate";
+import { sanitizeUrl } from "../../../lib/utils/url";
 import { useModal } from "../../modal/useModal";
 import Price from "../../price";
 import PaginationPages from "../../seller/common/PaginationPages";
@@ -175,7 +176,7 @@ export default function DisputesTable({ disputes }: Props) {
                     whiteSpace: "pre"
                   }}
                   onClick={() => {
-                    copyToClipboard(emailAddress).then(() => {
+                    copyToClipboard(sanitizeUrl(emailAddress)).then(() => {
                       toast(() => "Seller e-mail has been copied to clipboard");
                     });
                   }}
diff --git a/src/components/footer/Footer.tsx b/src/components/footer/Footer.tsx
index 11d07d825..5bd17af97 100644
--- a/src/components/footer/Footer.tsx
+++ b/src/components/footer/Footer.tsx
@@ -5,6 +5,7 @@ import logo from "../../../src/assets/logo-white.svg";
 import { BosonRoutes } from "../../lib/routing/routes";
 import { breakpoint } from "../../lib/styles/breakpoint";
 import { useBreakpoints } from "../../lib/utils/hooks/useBreakpoints";
+import { sanitizeUrl } from "../../lib/utils/url";
 import SocialLogo, {
   SocialLogoValues
 } from "../../pages/custom-store/SocialLogo";
@@ -112,9 +113,9 @@ function Socials() {
       return socialMediaLinks.map(({ url, value }) => {
         return (
           <a
-            href={url}
+            href={sanitizeUrl(url)}
             target="_blank"
-            rel="noopener"
+            rel="noopener noreferrer"
             key={`social_nav_${value}_${url}`}
           >
             <SocialLogo logo={value} />
@@ -241,9 +242,10 @@ export default function FooterComponent() {
                   return (
                     <a
                       key={`${footerLink.label}-${footerLink.value}-${index}`}
-                      href={footerLink.value}
+                      href={sanitizeUrl(footerLink.value)}
                       target="_blank"
                       style={{ textAlign: "center" }}
+                      rel="noopener noreferrer"
                     >
                       {footerLink.label}
                     </a>
diff --git a/src/components/toasts/SuccessTransactionToast.tsx b/src/components/toasts/SuccessTransactionToast.tsx
index dd202f73a..981b372bb 100644
--- a/src/components/toasts/SuccessTransactionToast.tsx
+++ b/src/components/toasts/SuccessTransactionToast.tsx
@@ -1,6 +1,7 @@
 import { Toast } from "react-hot-toast";
 
 import { colors } from "../../lib/styles/colors";
+import { sanitizeUrl } from "../../lib/utils/url";
 import Grid from "../ui/Grid";
 import Typography from "../ui/Typography";
 import SuccessToast from "./common/SuccessToast";
@@ -33,7 +34,7 @@ export default function SuccessTransactionToast({
             View details
           </Typography>
         ) : url ? (
-          <a href={url} target="_blank">
+          <a href={sanitizeUrl(url)} target="_blank" rel="noopener noreferrer">
             <Typography color={colors.secondary}>View details</Typography>
           </a>
         ) : null}
diff --git a/src/pages/profile/seller/SellerSocial.tsx b/src/pages/profile/seller/SellerSocial.tsx
index eab5eb813..706e45e02 100644
--- a/src/pages/profile/seller/SellerSocial.tsx
+++ b/src/pages/profile/seller/SellerSocial.tsx
@@ -7,6 +7,7 @@ import {
   Profile,
   ProfileFieldsFragment
 } from "../../../lib/utils/hooks/lens/graphql/generated";
+import { sanitizeUrl } from "../../../lib/utils/url";
 import { preAppendHttps } from "../../../lib/validation/regex/url";
 import {
   DetailShareWrapper,
@@ -26,7 +27,12 @@ function RenderSocial({
   icon: Icon
 }: RenderSocialProps) {
   return (
-    <SocialIcon href={href} $isDisabled={disabled} target="_blank">
+    <SocialIcon
+      href={href}
+      $isDisabled={disabled}
+      target="_blank"
+      rel="noopener noreferrer"
+    >
       {Icon ? Icon : <Globe size={24} />}
     </SocialIcon>
   );
@@ -60,7 +66,7 @@ export default function SellerSocial({
       {/* TODO: Removed as we don't have discord in lens profile */}
       {/* <RenderSocial icon={DiscordLogo} href={""} /> */}
       {lensUrl !== false && (
-        <RenderSocial icon={<Globe size={24} />} href={lensUrl} />
+        <RenderSocial icon={<Globe size={24} />} href={sanitizeUrl(lensUrl)} />
       )}
       <DetailShareWrapper>
         <DetailShare />