From 9be341bd1400164c4cd4ae6f8167607d7d1f5857 Mon Sep 17 00:00:00 2001
From: It'z RJ <86042583+itz-rj-here@users.noreply.github.com>
Date: Tue, 18 Feb 2025 21:08:50 +0600
Subject: [PATCH] Fixing Security Vulnerability for shortcuts (#539)

* Fixing Security Vulnerability for shortcuts

* Revert as the fixes didn't work

* EncodeURL

Co-Authored-By: Prem Kumar <60751338+prem-k-r@users.noreply.github.com>

---------

Co-authored-by: Prem Kumar <60751338+prem-k-r@users.noreply.github.com>
---
 scripts/shortcuts.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/shortcuts.js b/scripts/shortcuts.js
index 476a5ca5..5503415c 100644
--- a/scripts/shortcuts.js
+++ b/scripts/shortcuts.js
@@ -304,8 +304,10 @@ document.addEventListener("DOMContentLoaded", function () {
             url = "https://xengshi.github.io/materialYouNewTab/docs/PageNotFound.html";
         }
 
-        // Normalize URL if valid
-        const normalizedUrl = url.startsWith('https://') || url.startsWith('http://') ? url : 'https://' + url;
+        // Normalize and encode URL
+        const normalizedUrl = encodeURI(
+            url.startsWith('https://') || url.startsWith('http://') ? url : 'https://' + url
+        );
 
         const i = shortcut._index;