From a4dafdf54f0916e7ea68caf41a74861b65711e4c Mon Sep 17 00:00:00 2001
From: Valeriy S <ValeraS@users.noreply.github.com>
Date: Wed, 13 Feb 2019 09:37:45 +0300
Subject: [PATCH] fix(client): prevent go to local links in preview

---
 client/src/templates/Challenges/utils/frame.js | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/client/src/templates/Challenges/utils/frame.js b/client/src/templates/Challenges/utils/frame.js
index ad118debb0..ae8e3d7459 100644
--- a/client/src/templates/Challenges/utils/frame.js
+++ b/client/src/templates/Challenges/utils/frame.js
@@ -25,6 +25,24 @@ const createHeader = (id = mainId) => `
       window.__err = err;
       return true;
     };
+    document.addEventListener('click', function(e) {
+      let element = e.target;
+      while(element && element.nodeName !== 'A') {
+        element = element.parentElement;
+      }
+      if (element) {
+        const href = element.getAttribute('href');
+        if (!href || href[0] !== '#' && !href.match(/^https?:\\/\\//)) {
+          e.preventDefault();
+        }
+      }
+    }, false);
+    document.addEventListener('submit', function(e) {
+      const action = e.target.getAttribute('action');
+      if (!action || !action.match(/https?:\\/\\//)) {
+        e.preventDefault();
+      }
+    }, false);
   </script>
 `;