From c17ff3def809176c6ad6bdd7424e3e0b5d5db4c2 Mon Sep 17 00:00:00 2001 From: Adam Thompson-Sharpe Date: Mon, 29 Jun 2026 21:10:54 -0400 Subject: [PATCH] refactor(oauth2-redirect): parse query with URLSearchParams Replaces the query parameter parser that used splitting and concatenation with `URLSearchParams`. This makes the parsing more correct and avoids issues if JSON-significant characters appear in the query params. I didn't touch the files in `dist/` because I'm not fully sure how they're generated. --- dev-helpers/oauth2-redirect.js | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/dev-helpers/oauth2-redirect.js b/dev-helpers/oauth2-redirect.js index c0377806b8c..7249e48ffce 100644 --- a/dev-helpers/oauth2-redirect.js +++ b/dev-helpers/oauth2-redirect.js @@ -3,7 +3,7 @@ function run () { var oauth2 = window.opener.swaggerUIRedirectOauth2 var sentState = oauth2.state var redirectUrl = oauth2.redirectUrl - var isValid, qp, arr + var isValid, qp if (/code|token|error/.test(window.location.hash)) { qp = window.location.hash.substring(1).replace("?", "&") @@ -11,13 +11,7 @@ function run () { qp = location.search.substring(1) } - arr = qp.split("&") - arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace("=", '":"') + '"' }) - qp = qp ? JSON.parse("{" + arr.join() + "}", - function (key, value) { - return key === "" ? value : decodeURIComponent(value) - } - ) : {} + qp = Object.fromEntries(new URLSearchParams(qp)) isValid = qp.state === sentState