From 24b47c719b861b1598c4b6d7f3bb9e3ad786ebce Mon Sep 17 00:00:00 2001
From: Eric Schultz
Date: Fri, 17 Apr 2020 11:33:13 -0500
Subject: [PATCH] Fix bug where we don't percent encode parts of the widget iframe URL
---
 app/javascript/legacy/widget/donate-button.v2.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/javascript/legacy/widget/donate-button.v2.js b/app/javascript/legacy/widget/donate-button.v2.js
index b7d24b2d..c7dba01c 100644
--- a/app/javascript/legacy/widget/donate-button.v2.js
+++ b/app/javascript/legacy/widget/donate-button.v2.js
@@ -81,7 +81,7 @@ commitchange.createIframe = (source) => {
 let i = document.createElement('iframe')
 const url = document.location.href
 i.setAttribute('class', 'commitchange-closed commitchange-iframe')
- i.src = source + "&origin=" + url
+ i.src = encodeURI(source + "&origin=" + url)
 return i
 }
 
@@ -158,7 +158,7 @@ commitchange.appendMarkup = () => {
 let btn_iframe = document.createElement('iframe')
 let btn_src = fullHost + "/nonprofits/" + nonprofitID + "/btn"
 if(elem.hasAttribute('data-fixed')) { btn_src += '?fixed=t' }
- btn_iframe.src = btn_src
+ btn_iframe.src = encodeURI(btn_src)
 btn_iframe.className = 'commitchange-btn-iframe'
 btn_iframe.setAttribute('scrolling', 'no')
 btn_iframe.setAttribute('seamless', 'seamless')
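Review bot: `encodeURI` over the whole string in `createIframe` leaves `&`, `=`, `?` and `#` untouched, so a host page URL with its own query string or fragment still breaks out of the `origin` value: anything after its first `&` reaches the iframe as separate parameters and anything after `#` becomes the fragment. Encode only the value instead, `i.src = source + "&origin=" + encodeURIComponent(url)`, which also avoids re-encoding `%` escapes that `source` may already contain. The second hunk, in `appendMarkup`, has the same gap: `encodeURI(btn_src)` does not escape `/`, `?` or `#` inside `nonprofitID`, so if that value is read from page markup (its origin is outside the hunk) it should be encoded as a path segment, `fullHost + "/nonprofits/" + encodeURIComponent(nonprofitID) + "/btn"`. The body of `appendMarkup` starts and ends outside its hunk.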