hai 2 semanas · 6fae9b9b4f
--- a/src/request/index.ts
+++ b/src/request/index.ts
@@ -110,8 +110,8 @@ axios.interceptors.request.use(async (config) => {
 
				             }
			
 
				           } catch {}
			
 
				           const { origin, pathname, search, hash } = window.location;
			
 
				-          // 为了在 hash 路由中作为查询参数安全传递，双重编码 hash
			
 
				-          const safeHash = hash ? encodeURIComponent(encodeURIComponent(hash)) : "";
			
 
				+          // 为了在 hash 路由中作为查询参数安全传递，单重编码 hash
			
 
				+          const safeHash = hash ? encodeURIComponent(hash) : "";
			
 
				           return origin + pathname + (search || "") + safeHash;
			
 
				         };
			
 
				         const redirect = buildRedirect();
			
@@ -184,7 +184,7 @@ const responseInterceptor = (res: AxiosResponse<any, any>) => {
 
				             }
			
 
				           } catch {}
			
 
				           const { origin, pathname, search, hash } = window.location;
			
 
				-          const safeHash = hash ? encodeURIComponent(encodeURIComponent(hash)) : "";
			
 
				+          const safeHash = hash ? encodeURIComponent(hash) : "";
			
 
				           return origin + pathname + (search || "") + safeHash;
			
 
				         };
			
 
				         const redirect = buildRedirect();
			
--- a/src/view/system/login.vue
+++ b/src/view/system/login.vue
@@ -140,12 +140,27 @@ const submitClick = async () => {
 
				 
			
 
				     const params: any = router.currentRoute.value.query;
			
 
				     if ("redirect" in params && params.redirect) {
			
 
				-      const rawRedirect = decodeURIComponent(params.redirect as string);
			
 
				-      const outerUrl = new URL(rawRedirect, window.location.origin);
			
 
				-      const nested = outerUrl.searchParams.get("redirect");
			
 
				-      const finalRedirect = nested ? decodeURIComponent(nested) : rawRedirect;
			
 
				+      const decodeOnce = (s: string): string => {
			
 
				+        try {
			
 
				+          return decodeURIComponent(s);
			
 
				+        } catch {
			
 
				+          return s;
			
 
				+        }
			
 
				+      };
			
 
				 
			
 
				-      const url = new URL(finalRedirect, window.location.origin);
			
 
				+      const rawRedirect = params.redirect as string;
			
 
				+      let resolved = decodeOnce(rawRedirect);
			
 
				+
			
 
				+      // 若存在嵌套的 redirect 参数，则同样单重解码取其值
			
 
				+      try {
			
 
				+        const outerUrl = new URL(resolved, window.location.origin);
			
 
				+        const nested = outerUrl.searchParams.get("redirect");
			
 
				+        if (nested) {
			
 
				+          resolved = decodeOnce(nested);
			
 
				+        }
			
 
				+      } catch {}
			
 
				+
			
 
				+      const url = new URL(resolved, window.location.origin);
			
 
				       url.searchParams.delete("token");
			
 
				       // url.searchParams.append("token", user.value.token);
			
 
				       window.localStorage.setItem("token", user.value.token);