-rw-r--r--modules/viewvc/files/setcookieredirect.html7
1 files changed, 4 insertions, 3 deletions
diff --git a/modules/viewvc/files/setcookieredirect.html b/modules/viewvc/files/setcookieredirect.html
index 3adefed2..acb34af6 100644
--- a/modules/viewvc/files/setcookieredirect.html
+++ b/modules/viewvc/files/setcookieredirect.html
@@ -8,10 +8,11 @@
const params = new Proxy(new URLSearchParams(window.location.search), {
get: (searchParams, prop) => searchParams.get(prop),
});
- let url = params.to;
+ let path = params.to;
// Sanitize redirect path to avoid malicious arbitrary redirects
- if (/^\/[-a-zA-Z0-9~_.?&=/+]*$/.test(url)) {
- window.location.href = url;
+ if (/^\/[-a-zA-Z0-9~_.?&=/+]*$/.test(path)) {
+ const current = new URL(window.location.toLocaleString());
+ window.location.href = current.origin + path;
} else {
window.onload = function() {
document.getElementById('error').innerHTML = 'Error! Bad redirect location!';
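Review bot: The origin is obtained through `new URL(window.location.toLocaleString())`, which depends on an inherited Object method to stringify the location; `window.location.origin` should give the same value directly, so the two added lines can become `window.location.href = window.location.origin + path;`. The pattern on the line above still accepts a path that begins with two slashes, and only the origin prefix keeps such a value on this site, so the existing comment should say so, e.g. `// Prefix our own origin: the pattern alone still admits "//host" paths`. Tightening the check to `/^\/(?!\/)[-a-zA-Z0-9~_.?&=/+]*$/` would make the validation hold on its own if the prefix is ever dropped. The surrounding script starts and ends outside this hunk.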