Merge pull request #7069 from topcoder-platform/pm-714

fix(PM-714): encode uri return url to fix xss dom error

Author: hentrymartin

src/shared/containers/tc-communities/tco20/Header.jsx

@@ -25,8 +25,8 @@ function TCO20Header(props) {
           </React.Fragment>
         ) : (
           <React.Fragment>
-            <a href={`${config.URL.AUTH}/member?utm_source=TCO20site&retUrl=${getCurrentUrl()}`} className={defaultStyle.loginLink}>LOGIN</a>
-            <a href={`${config.URL.AUTH}/member/registration?utm_source=TCO20site&retUrl=${getCurrentUrl()}`} className={defaultStyle.signUpLink}>SIGN UP</a>
+            <a href={`${config.URL.AUTH}/member?utm_source=TCO20site&retUrl=${encodeURIComponent(getCurrentUrl())}`} className={defaultStyle.loginLink}>LOGIN</a>
+            <a href={`${config.URL.AUTH}/member/registration?utm_source=TCO20site&retUrl=${encodeURIComponent(getCurrentUrl())}`} className={defaultStyle.signUpLink}>SIGN UP</a>
           </React.Fragment>
         )
       }

src/shared/utils/url.js

@@ -14,7 +14,7 @@ import { BUCKETS } from 'utils/challenge-listing/buckets';
  */
 export function getCurrentUrl() {
   if (isomorphy.isServerSide()) return null;
-  const url = window.location.href;
+  const url = window.location.origin + window.location.pathname;
 
   if (typeof url === 'string' && url.startsWith('http')) {
     return url;