chore: made the path redir safer just in case

This value comes from the backend, but in case someone may try to lure some user somehow, we add a layer of protection
LizardByte · Aug 9, 2024 · 18145e7 · 18145e7
1 parent af17523
commit 18145e7
Showing 1 changed file with 18 additions and 5 deletions.
diff --git a/src_assets/common/assets/web/login.html b/src_assets/common/assets/web/login.html
@@ -41,15 +41,28 @@ <h1 class="mb-2">
     methods: {
       onLogin() {
           const searchParams = new URLSearchParams(window.location.search);
-          let newPath = '/';
+          let newPath;
           if (searchParams.has('redirect')) {
               const redirect = searchParams.get('redirect');
-              if (redirect.startsWith('/')) {
-                  newPath = redirect;
-              } else {
-                  newPath = newPath + redirect;
+              const encodePath = (path) => {
+                  return path.split('').map(char => {
+                      if (char === '/') return char; // Keep '/' unencoded
+                      return encodeURIComponent(char);
+                  }).join('');
+              };
+
+              try {
+                  const redirectUrl = new URL(redirect);
+                  newPath = redirectUrl.pathname;
+              } catch (error) {
+                  if (redirect.startsWith('/')) {
+                      newPath = encodePath(redirect);
+                  } else {
+                      newPath = '/';
+                  }
               }
           }
+
           document.location.href = newPath;
       }
     }