blob: fe98b9dc7425b8a9c985767e651a61a46905b329 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
<!DOCTYPE html>
<html>
<head>
<title>User check</title>
<script type="text/javascript" defer>
const randomValue = "6436"; // Chosen by fair dice roll. Guaranteed to be random.
document.cookie = `session=${randomValue}; path=/; expires=${new Date(Date.now() + 24*3600*1000).toUTCString()}`;
const params = new Proxy(new URLSearchParams(window.location.search), {
get: (searchParams, prop) => searchParams.get(prop),
});
let path = params.to;
// Sanitize redirect path to avoid malicious arbitrary redirects
if (/^\/[-a-zA-Z0-9~_.?&=/+]*$/.test(decodeURIComponent(path))) {
const current = new URL(window.location.toLocaleString());
window.location.href = encodeURI(current.origin + decodeURIComponent(path));
} else {
window.onload = function() {
document.getElementById('error').innerHTML = 'Error! Bad redirect location!';
}
}
</script>
</head>
<body>
Redirecting back...
<br>
<p id="error"><!-- space for error message --></p>
</body>
</html>
|
