smart-go/web/lib/navigation/safe-return.ts

/** 仅允许站内相对路径，防止开放重定向 */
export function safeReturnPath(from: string | null | undefined, fallback = '/dashboard'): string {
  if (from == null || typeof from !== 'string') {
    return fallback;
  }
  const t = from.trim();
  if (!t.startsWith('/') || t.startsWith('//')) {
    return fallback;
  }
  return t;
}