Prevent XSS and Open Redirect in login page.

Hoang Nguyen 2023-06-22 23:40:24 +07:00
parent b9e5ddf194
commit 8e09eec47d


@ -83,8 +83,8 @@
<script> <script>
function redirectNext() { function redirectNext() {
const urlParams = new URLSearchParams(window.location.search); const urlParams = new URLSearchParams(window.location.search);
const nextURL = urlParams.get('next'); const nextURL = urlParams.get('next').trim();
if (nextURL) { if (nextURL && /(?:^\/[a-zA-Z_])|(?:^\/$)/.test(nextURL)) {
window.location.href = nextURL; window.location.href = nextURL;
} else { } else {
window.location.href = '/{{.basePath}}'; window.location.href = '/{{.basePath}}';
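Review bot: On the new `nextURL` line, `urlParams.get('next')` returns `null` when the login URL carries no `next` parameter, so the added `.trim()` throws a TypeError and the `else` fallback to `'/{{.basePath}}'` is never reached. Guard the value before trimming, for example `const nextURL = (urlParams.get('next') || '').trim();`. The allow-list regex accepts only `/` or a path whose second character is a letter or underscore, which excludes scheme-bearing and `//host` values; a short comment stating that intent, such as `// same-origin paths only: "/" or "/" followed by a letter or underscore`, would help keep later edits from loosening it. The body of `redirectNext` continues past the end of the hunk.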