Lukas 0481810226 Fix open redirect vulnerability in LoginPage ...

Validate the ?next= query parameter to prevent open redirects to
external URLs. The parameter is validated to ensure it is a relative
path (starts with / but not //) before using it for navigation.
Invalid paths fall back to '/'.

This prevents attackers from crafting login links like /login?next=https://evil.com
that would transparently redirect authenticated users to malicious sites.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

2026-04-22 21:04:17 +02:00

..

public

Add SEO/security meta tags and favicon to frontend index.html

2026-04-22 20:06:49 +02:00

src

Fix open redirect vulnerability in LoginPage

2026-04-22 21:04:17 +02:00

.env.example

Configure Vite dev proxy via VITE_BACKEND_URL

2026-04-22 20:21:20 +02:00

.gitignore

chore(frontend): add frontend-specific .gitignore

2026-02-28 21:50:40 +01:00

.prettierrc

feat: Stage 1 — backend and frontend scaffolding

2026-02-28 21:15:01 +01:00

eslint.config.ts

Refactor frontend components and dependencies

2026-04-22 20:26:43 +02:00

index.html

Add SEO/security meta tags and favicon to frontend index.html

2026-04-22 20:06:49 +02:00

package-lock.json

Refactor frontend components and dependencies

2026-04-22 20:26:43 +02:00

package.json

Refactor frontend components and dependencies

2026-04-22 20:26:43 +02:00

tsconfig.json

Migrate WorldMap to d3-geo, fix TopoJSON country ID mappings and update tests

2026-04-05 18:50:44 +02:00

tsconfig.node.json

Fix ruff and ESLint warnings in tests and tsconfig

2026-03-11 18:35:30 +01:00

vite.config.ts

Configure Vite dev proxy via VITE_BACKEND_URL

2026-04-22 20:21:20 +02:00

vitest.config.ts

Show BanGUI app version in sidebar, fix version tooltips

2026-03-16 19:45:55 +01:00