Lukas
0481810226
Validate the ?next= query parameter to prevent open redirects to external URLs. The parameter is validated to ensure it is a relative path (starts with / but not //) before using it for navigation. Invalid paths fall back to '/'. This prevents attackers from crafting login links like /login?next=https://evil.com that would transparently redirect authenticated users to malicious sites. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>