-rw-r--r-- | modules/viewvc/files/setcookieredirect.html | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/modules/viewvc/files/setcookieredirect.html b/modules/viewvc/files/setcookieredirect.html
index 3adefed2..acb34af6 100644
--- a/modules/viewvc/files/setcookieredirect.html
+++ b/modules/viewvc/files/setcookieredirect.html
@@ -8,10 +8,11 @@
 const params = new Proxy(new URLSearchParams(window.location.search), {
 get: (searchParams, prop) => searchParams.get(prop),
 });
- let url = params.to;
+ let path = params.to;
 // Sanitize redirect path to avoid malicious arbitrary redirects
- if (/^\/[-a-zA-Z0-9~_.?&=/+]*$/.test(url)) {
- window.location.href = url;
+ if (/^\/[-a-zA-Z0-9~_.?&=/+]*$/.test(path)) {
+ const current = new URL(window.location.toLocaleString());
+ window.location.href = current.origin + path;
 } else {
 window.onload = function() {
 document.getElementById('error').innerHTML = 'Error! Bad redirect location!'; |
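Review bot: The added lines obtain the origin through `new URL(window.location.toLocaleString())`, which is a roundabout way to read `window.location.origin`, and nothing records why the prefix is needed. The regex above still accepts a value that begins with two slashes, so the same-origin guarantee rests entirely on this concatenation; a comment such as `// Prefix our own origin: a value starting with "//" would otherwise be resolved as a scheme-relative URL` would keep a later cleanup from removing it. The assignment can then be written as `window.location.href = window.location.origin + path;`. For a check that is easier to audit, resolve first with `const target = new URL(path, window.location.origin);` and redirect only when `target.origin === window.location.origin`, falling through to the existing error branch otherwise. The else branch and its onload handler continue past the end of the hunk.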