mirror of
https://github.com/fosrl/pangolin.git
synced 2026-02-13 21:26:19 +00:00
19 lines
654 B
TypeScript
19 lines
654 B
TypeScript
/**
|
|
* Normalizes a post-authentication path for safe use when building redirect URLs.
|
|
* Returns a path that starts with / and does not allow open redirects (no //, no :).
|
|
*/
|
|
export function normalizePostAuthPath(path: string | null | undefined): string | null {
|
|
if (path == null || typeof path !== "string") {
|
|
return null;
|
|
}
|
|
const trimmed = path.trim();
|
|
if (trimmed === "") {
|
|
return null;
|
|
}
|
|
// Reject protocol-relative (//) or scheme (:) to avoid open redirect
|
|
if (trimmed.includes("//") || trimmed.includes(":")) {
|
|
return null;
|
|
}
|
|
return trimmed.startsWith("/") ? trimmed : `/${trimmed}`;
|
|
}
|