public_git
/
wireguard-ui
mirror of https://github.com/ngoduykhanh/wireguard-ui.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Prevent XSS and Open Redirect in login page.

This commit is contained in:
Hoang Nguyen 2023-06-22 23:40:24 +07:00
parent b9e5ddf194
commit 8e09eec47d
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
templates/login.html
View File

@ -83,8 +83,8 @@
<script> <script>
function redirectNext() { function redirectNext() {
const urlParams = new URLSearchParams(window.location.search); const urlParams = new URLSearchParams(window.location.search);
const nextURL = urlParams.get('next'); const nextURL = urlParams.get('next').trim();
if (nextURL) { if (nextURL && /(?:^\/[a-zA-Z_])|(?:^\/$)/.test(nextURL)) {
window.location.href = nextURL; window.location.href = nextURL;
} else { } else {
window.location.href = '/{{.basePath}}'; window.location.href = '/{{.basePath}}';