chore: made the path redir safer just in case

This value comes from the backend, but in case someone may try to lure some user somehow, we add a layer of protection
LizardByte · Aug 9, 2024 · 448d83c · 448d83c
1 parent af17523
commit 448d83c
Showing 1 changed file with 15 additions and 4 deletions.
diff --git a/src_assets/common/assets/web/login.html b/src_assets/common/assets/web/login.html
@@ -44,12 +44,23 @@ <h1 class="mb-2">
           let newPath = '/';
           if (searchParams.has('redirect')) {
               const redirect = searchParams.get('redirect');
-              if (redirect.startsWith('/')) {
-                  newPath = redirect;
-              } else {
-                  newPath = newPath + redirect;
+              const encodePath = (path) => {
+                  return path.split('').map(char => {
+                      if (char === '/') return char; // Keep '/' unencoded
+                      return encodeURIComponent(char);
+                  }).join('');
+              };
+
+              try {
+                  const redirectUrl = new URL(redirect);
+                  newPath = redirectUrl.pathname;
+              } catch (error) {
+                  if (redirect.startsWith('/')) {
+                      newPath = encodePath(redirect);
+                  }
               }
           }
+
           document.location.href = newPath;
       }
     }