[Fix] Prevent storing external urls for stores (#3208)

* Prevent storing external urls for stores * Use sessionStorage instead of localStorage so last-url is not persisted
Heroic-Games-Launcher · Nov 21, 2023 · b95abc8 · b95abc8
1 parent b6bfb5b
commit b95abc8
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 5 deletions.
diff --git a/src/frontend/components/UI/Sidebar/components/SidebarLinks/index.tsx b/src/frontend/components/UI/Sidebar/components/SidebarLinks/index.tsx
@@ -93,7 +93,7 @@ export default function SidebarLinks() {
   }
 
   // if we have a stored last-url, default to the `/last-url` route
-  const lastStore = localStorage.getItem('last-store')
+  const lastStore = sessionStorage.getItem('last-store')
   if (lastStore) {
     defaultStore = lastStore
   }

diff --git a/src/frontend/screens/WebView/index.tsx b/src/frontend/screens/WebView/index.tsx
@@ -20,6 +20,19 @@ interface Props {
   store?: 'epic' | 'gog' | 'amazon'
 }
 
+const validStoredUrl = (url: string, store: 'epic' | 'gog' | 'amazon') => {
+  switch (store) {
+    case 'epic':
+      return url.includes('epicgames.com')
+    case 'gog':
+      return url.includes('gog.com')
+    case 'amazon':
+      return url.includes('gaming.amazon.com')
+    default:
+      return false
+  }
+}
+
 export default function WebView({ store }: Props) {
   const { i18n } = useTranslation()
   const { pathname, search } = useLocation()
@@ -71,9 +84,9 @@ export default function WebView({ store }: Props) {
   let startUrl = urls[pathname]
 
   if (store) {
-    localStorage.setItem('last-store', `/${store}store`)
-    const lastUrl = localStorage.getItem(`last-url-${store}`)
-    if (lastUrl) {
+    sessionStorage.setItem('last-store', `/${store}store`)
+    const lastUrl = sessionStorage.getItem(`last-url-${store}`)
+    if (lastUrl && validStoredUrl(lastUrl, store)) {
       startUrl = lastUrl
     }
   }
@@ -228,7 +241,10 @@ export default function WebView({ store }: Props) {
     const webview = webviewRef.current
     if (webview && store) {
       const onNavigate = () => {
-        localStorage.setItem(`last-url-${store}`, webview.getURL())
+        const url = webview.getURL()
+        if (validStoredUrl(url, store)) {
+          sessionStorage.setItem(`last-url-${store}`, webview.getURL())
+        }
       }
 
       // this one is needed for gog/amazon