From b95abc82aac307519a364092a825ebda3ae65480 Mon Sep 17 00:00:00 2001
From: Ariel Juodziukynas <arieljuod@gmail.com>
Date: Tue, 21 Nov 2023 16:55:29 -0300
Subject: [PATCH] [Fix] Prevent storing external urls for stores (#3208)

* Prevent storing external urls for stores

* Use sessionStorage instead of localStorage so last-url is not persisted
---
 .../Sidebar/components/SidebarLinks/index.tsx |  2 +-
 src/frontend/screens/WebView/index.tsx        | 24 +++++++++++++++----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/frontend/components/UI/Sidebar/components/SidebarLinks/index.tsx b/src/frontend/components/UI/Sidebar/components/SidebarLinks/index.tsx
index 8b7515adab..35e217ac11 100644
--- a/src/frontend/components/UI/Sidebar/components/SidebarLinks/index.tsx
+++ b/src/frontend/components/UI/Sidebar/components/SidebarLinks/index.tsx
@@ -93,7 +93,7 @@ export default function SidebarLinks() {
   }
 
   // if we have a stored last-url, default to the `/last-url` route
-  const lastStore = localStorage.getItem('last-store')
+  const lastStore = sessionStorage.getItem('last-store')
   if (lastStore) {
     defaultStore = lastStore
   }
diff --git a/src/frontend/screens/WebView/index.tsx b/src/frontend/screens/WebView/index.tsx
index 733ebc6c5e..99c0703491 100644
--- a/src/frontend/screens/WebView/index.tsx
+++ b/src/frontend/screens/WebView/index.tsx
@@ -20,6 +20,19 @@ interface Props {
   store?: 'epic' | 'gog' | 'amazon'
 }
 
+const validStoredUrl = (url: string, store: 'epic' | 'gog' | 'amazon') => {
+  switch (store) {
+    case 'epic':
+      return url.includes('epicgames.com')
+    case 'gog':
+      return url.includes('gog.com')
+    case 'amazon':
+      return url.includes('gaming.amazon.com')
+    default:
+      return false
+  }
+}
+
 export default function WebView({ store }: Props) {
   const { i18n } = useTranslation()
   const { pathname, search } = useLocation()
@@ -71,9 +84,9 @@ export default function WebView({ store }: Props) {
   let startUrl = urls[pathname]
 
   if (store) {
-    localStorage.setItem('last-store', `/${store}store`)
-    const lastUrl = localStorage.getItem(`last-url-${store}`)
-    if (lastUrl) {
+    sessionStorage.setItem('last-store', `/${store}store`)
+    const lastUrl = sessionStorage.getItem(`last-url-${store}`)
+    if (lastUrl && validStoredUrl(lastUrl, store)) {
       startUrl = lastUrl
     }
   }
@@ -228,7 +241,10 @@ export default function WebView({ store }: Props) {
     const webview = webviewRef.current
     if (webview && store) {
       const onNavigate = () => {
-        localStorage.setItem(`last-url-${store}`, webview.getURL())
+        const url = webview.getURL()
+        if (validStoredUrl(url, store)) {
+          sessionStorage.setItem(`last-url-${store}`, webview.getURL())
+        }
       }
 
       // this one is needed for gog/amazon