By: Michael Lynch <git@mtlynch.io>
Reject unsafe login redirect targets

Validate the next path without sanitizing caller input, so malformed URLs and paths without a leading slash fail instead of falling back to the home page.

Add table-driven login coverage for protocol-relative URLs, external HTTP and HTTPS URLs, malformed URLs, non-HTTP absolute URLs, and valid app-relative paths.
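
The validate-without-sanitizing approach the commit message describes, as an added example that is not code from this commit: the `next` value is either returned unchanged or rejected, and is never rewritten or replaced with a default. Go, the names `ValidateNext` and `ErrUnsafeNext`, and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ErrUnsafeNext is a hypothetical error value for this example.
var ErrUnsafeNext = errors.New("unsafe login redirect target")

// ValidateNext (hypothetical name) returns next unchanged when it is an
// app-relative path and an error otherwise. It never rewrites the input
// and never substitutes a default such as "/".
func ValidateNext(next string) (string, error) {
	// Must be rooted in this app. Inputs like "dashboard",
	// "https://host/" and "mailto:..." all fail here.
	if !strings.HasPrefix(next, "/") {
		return "", ErrUnsafeNext
	}
	// "//host/path" is protocol-relative and leaves the app.
	if strings.HasPrefix(next, "//") {
		return "", ErrUnsafeNext
	}
	// Malformed input (for example a bad percent-escape) is an error,
	// not something to repair.
	u, err := url.Parse(next)
	if err != nil {
		return "", ErrUnsafeNext
	}
	// Defense in depth: the parsed form must carry no scheme or authority.
	if u.Scheme != "" || u.Host != "" || u.User != nil {
		return "", ErrUnsafeNext
	}
	return next, nil
}

func main() {
	// Constructed inputs, one per category named in the commit message.
	for _, next := range []string{
		"/dashboard?tab=1", "//evil.example/x", "https://evil.example/",
		"/%zz", "mailto:a@b.example", "dashboard",
	} {
		got, err := ValidateNext(next)
		fmt.Printf("%-24q -> %q, err=%v\n", next, got, err)
	}
}
```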
| | Time to Start | Worker time | Duration | Time to finish |
| Config | 0s | 2s | 2s | 2s |
| Eval | - | - | - | - |
| Build | 4s | 20s | - | - |
| Test | - | - | - | - |
| Deploy | - | - | - | - |
| Suite | 0s | 22s | - | - |