Fix open redirect vulnerability in return-to URL after login

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/stores/login.ts

@@ -61,7 +61,12 @@ export const useLoginStore = defineStore('loginStore', {
         // 則在此情況下時，我們會在使用者稍後登入後，把使用者帶到剛才記住的 return-to 網址
         if(this.rememberedReturnToUrl !== "") {
           const decodedUrl = atob(this.rememberedReturnToUrl);
-          window.location.href = decodedUrl;
+          // Only allow relative paths to prevent open redirect attacks
+          if(decodedUrl.startsWith('/') && !decodedUrl.startsWith('//')) {
+            window.location.href = decodedUrl;
+          } else {
+            this.$router.push('/files');
+          }
         } else {
           this.$router.push('/files');
         }