From 64020c2358b2a72d96dfdbf2dc25031e68c026f5 Mon Sep 17 00:00:00 2001
From: Aman Agrawal
Date: Sat, 27 Nov 2021 08:46:26 +0000
Subject: [PATCH] hash_util: Encode url component derived from browser. This is for security reasons.
---
 frontend_tests/node_tests/hash_util.js | 2 +-
 static/js/hash_util.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/frontend_tests/node_tests/hash_util.js b/frontend_tests/node_tests/hash_util.js
index 8d3f36e163..6813e8d420 100644
--- a/frontend_tests/node_tests/hash_util.js
+++ b/frontend_tests/node_tests/hash_util.js
@@ -208,5 +208,5 @@ run_test("test_search_public_streams_notice_url", () => {
 run_test("test_current_hash_as_next", () => {
 window.location.hash = "#foo";
- assert.equal(hash_util.current_hash_as_next(), "next=/#foo");
+ assert.equal(hash_util.current_hash_as_next(), "next=/%23foo");
 });
diff --git a/static/js/hash_util.js b/static/js/hash_util.js
index 6b99cc524f..623707c1b6 100644
--- a/static/js/hash_util.js
+++ b/static/js/hash_util.js
@@ -310,5 +310,5 @@ export function is_spectator_compatible(hash) {
 }
 export function current_hash_as_next() {
- return `next=/${window.location.hash}`;
+ return `next=/${encodeURIComponent(window.location.hash)}`;
 }
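Review bot: The updated assertion in test_current_hash_as_next (frontend_tests/node_tests/hash_util.js) still exercises only `#foo`, so nothing pins the encoding of the characters that decide how the `next` value is parsed, such as `&`, `=` and `/`. A second case would cover that, for example with constructed values `window.location.hash = "#narrow/stream/1-a&b=c";` followed by `assert.equal(hash_util.current_hash_as_next(), "next=/%23narrow%2Fstream%2F1-a%26b%3Dc");`. That expected string is what encodeURIComponent produces for the raw hash; whether the test's `window.location` stub stores the hash unchanged should be confirmed.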
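Review bot: current_hash_as_next() in static/js/hash_util.js carries no comment explaining why the hash is encoded, and the commit message says only "security reasons", so a later cleanup could drop the call without noticing what it protects. I would add above the return: `// The hash comes from the browser URL; encode it so "&", "=" or "#" in it stay inside the next= value instead of being parsed as extra parameters or a fragment.` The encoding also turns `/` into `%2F`, so whatever consumes `next` has to decode it exactly once. That consumer is not in this diff; presumably it should also check that the decoded value is a local path before redirecting to it.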