chore: made the path redir safer just in case

This value comes from the backend, but in case someone may try to lure some user somehow, we add a layer of protection

Author: Hazer

src_assets/common/assets/web/login.html

@@ -41,15 +41,28 @@ <h1 class="mb-2">
     methods: {
       onLogin() {
           const searchParams = new URLSearchParams(window.location.search);
-          let newPath = '/';
+          let newPath;
           if (searchParams.has('redirect')) {
               const redirect = searchParams.get('redirect');
-              if (redirect.startsWith('/')) {
-                  newPath = redirect;
-              } else {
-                  newPath = newPath + redirect;
+              const encodePath = (path) => {
+                  return path.split('').map(char => {
+                      if (char === '/') return char; // Keep '/' unencoded
+                      return encodeURIComponent(char);
+                  }).join('');
+              };
+
+              try {
+                  const redirectUrl = new URL(redirect);
+                  newPath = redirectUrl.pathname;
+              } catch (error) {
+                  if (redirect.startsWith('/')) {
+                      newPath = encodePath(redirect);
+                  } else {
+                      newPath = '/';
+                  }
               }
           }
+          
           document.location.href = newPath;
       }
     }