From f948482386767e198d5bbb8723716bcec8e5e625 Mon Sep 17 00:00:00 2001
From: Ashley Harrison <ashley.harrison@grafana.com>
Date: Mon, 27 Mar 2023 15:27:52 +0100
Subject: [PATCH] Navigation: Sanitize homeUrl (#65293)

sanitize homeUrl
---
 public/app/core/components/AppChrome/TopSearchBar.tsx | 4 ++--
 public/app/core/components/NavBar/NavBar.tsx          | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/public/app/core/components/AppChrome/TopSearchBar.tsx b/public/app/core/components/AppChrome/TopSearchBar.tsx
index fe926adf9fb..7038efdfccd 100644
--- a/public/app/core/components/AppChrome/TopSearchBar.tsx
+++ b/public/app/core/components/AppChrome/TopSearchBar.tsx
@@ -2,7 +2,7 @@ import { css } from '@emotion/css';
 import React from 'react';
 import { useLocation } from 'react-router-dom';
 
-import { GrafanaTheme2, locationUtil } from '@grafana/data';
+import { GrafanaTheme2, locationUtil, textUtil } from '@grafana/data';
 import { Dropdown, ToolbarButton, useStyles2 } from '@grafana/ui';
 import { config } from 'app/core/config';
 import { contextSrv } from 'app/core/core';
@@ -29,7 +29,7 @@ export const TopSearchBar = React.memo(function TopSearchBar() {
 
   let homeUrl = config.appSubUrl || '/';
   if (!config.bootData.user.isSignedIn && !config.anonymousEnabled) {
-    homeUrl = locationUtil.getUrlForPartial(location, { forceLogin: 'true' });
+    homeUrl = textUtil.sanitizeUrl(locationUtil.getUrlForPartial(location, { forceLogin: 'true' }));
   }
 
   return (
diff --git a/public/app/core/components/NavBar/NavBar.tsx b/public/app/core/components/NavBar/NavBar.tsx
index f9019684061..a3700c5f788 100644
--- a/public/app/core/components/NavBar/NavBar.tsx
+++ b/public/app/core/components/NavBar/NavBar.tsx
@@ -5,7 +5,7 @@ import { cloneDeep } from 'lodash';
 import React, { useState } from 'react';
 import { useLocation } from 'react-router-dom';
 
-import { GrafanaTheme2, locationUtil, NavModelItem, NavSection } from '@grafana/data';
+import { GrafanaTheme2, locationUtil, NavModelItem, NavSection, textUtil } from '@grafana/data';
 import { config, locationSearchToObject, locationService, reportInteraction } from '@grafana/runtime';
 import { useTheme2, CustomScrollbar, IconButton } from '@grafana/ui';
 import { getKioskMode } from 'app/core/navigation/kiosk';
@@ -53,7 +53,7 @@ export const NavBar = React.memo(() => {
 
   let homeUrl = config.appSubUrl || '/';
   if (!config.bootData.user.isSignedIn && !config.anonymousEnabled) {
-    homeUrl = locationUtil.getUrlForPartial(location, { forceLogin: 'true' });
+    homeUrl = textUtil.sanitizeUrl(locationUtil.getUrlForPartial(location, { forceLogin: 'true' }));
   }
 
   const homeItem: NavModelItem = enrichWithInteractionTracking(