From 2572b3a737dbcc3a9b610e51fd4aae0d9ea1d9c2 Mon Sep 17 00:00:00 2001
From: sh_akira <akira.satoh.sh@gmail.com>
Date: Wed, 7 Aug 2024 12:07:20 +0900
Subject: [PATCH] [docs] add whitelist

---
 docs/redirect/redirect.js | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/docs/redirect/redirect.js b/docs/redirect/redirect.js
index 6efa038..b84b20c 100644
--- a/docs/redirect/redirect.js
+++ b/docs/redirect/redirect.js
@@ -1,2 +1,12 @@
-const r = new URLSearchParams(window.location.search).get("r")
-if(r) window.location.replace(r)
\ No newline at end of file
+const allowedURLs = [
+    'ms-settings:*'
+];
+
+const r = new URLSearchParams(window.location.search).get('r');
+
+const isAllowed = allowedURLs.some((url) => {
+    const regex = new RegExp('^' + url.replace(/\*/g, '.*') + '$');
+    return regex.test(r);
+});
+
+if(r && isAllowed) window.location.replace(r);
\ No newline at end of file