fix(sicurezza): safeNext blocca backslash (open redirect) + guardia ownership su /admin/edit

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-05 22:34:16 +02:00
parent e2bbc9074f
commit 7211d74d3a
3 changed files with 6 additions and 1 deletions
+1
View File
@@ -1,6 +1,7 @@
// Path interno sicuro per il redirect post-login: deve iniziare con "/", non essere
// protocol-relative ("//"), non puntare alle API. Tutto il resto → home.
export function safeNext(next: string | null): string {
if (next && next.includes('\\')) return '/';
if (!next || !next.startsWith('/') || next.startsWith('//')) return '/';
if (next.startsWith('/api/')) return '/';
return next;