A path is safe to redirect to iff it's a SINGLE-leading-slash relative path (rejects "//host", "http(s)://…", backslash tricks, and protocol-relative URLs) — defends against open-redirect.
A path is safe to redirect to iff it's a SINGLE-leading-slash relative path (rejects "//host", "http(s)://…", backslash tricks, and protocol-relative URLs) — defends against open-redirect.