更改全部项目登录页逻辑

src/app/cjzfire/view/login/index.vue

@@ -153,10 +153,30 @@ const submitClick = async () => {
 
     const params: any = router.currentRoute.value.query;
     if ("redirect" in params && params.redirect) {
-      const url = new URL(unescape(params.redirect as string));
+      const decodeOnce = (s: string): string => {
+        try {
+          return decodeURIComponent(s);
+        } catch {
+          return s;
+        }
+      };
+
+      const rawRedirect = params.redirect as string;
+      let resolved = decodeOnce(rawRedirect);
+
+      // 若存在嵌套的 redirect 参数，则同样单重解码取其值
+      try {
+        const outerUrl = new URL(resolved, window.location.origin);
+        const nested = outerUrl.searchParams.get("redirect");
+        if (nested) {
+          resolved = decodeOnce(nested);
+        }
+      } catch {}
+
+      const url = new URL(resolved, window.location.origin);
       url.searchParams.delete("token");
       // url.searchParams.append("token", user.value.token);
-      window.localStorage.setItem('token', user.value.token)
+      window.localStorage.setItem("token", user.value.token);
       window.location.replace(url);
     } else {
       router.replace({ name: RouteName.dispatch });

src/app/criminal/view/login/index.vue

@@ -125,10 +125,30 @@ const submitClick = async () => {
 
     const params: any = router.currentRoute.value.query;
     if ("redirect" in params && params.redirect) {
-      const url = new URL(unescape(params.redirect as string));
+      const decodeOnce = (s: string): string => {
+        try {
+          return decodeURIComponent(s);
+        } catch {
+          return s;
+        }
+      };
+
+      const rawRedirect = params.redirect as string;
+      let resolved = decodeOnce(rawRedirect);
+
+      // 若存在嵌套的 redirect 参数，则同样单重解码取其值
+      try {
+        const outerUrl = new URL(resolved, window.location.origin);
+        const nested = outerUrl.searchParams.get("redirect");
+        if (nested) {
+          resolved = decodeOnce(nested);
+        }
+      } catch {}
+
+      const url = new URL(resolved, window.location.origin);
       url.searchParams.delete("token");
       // url.searchParams.append("token", user.value.token);
-      window.localStorage.setItem('token', user.value.token)
+      window.localStorage.setItem("token", user.value.token);
       window.location.replace(url);
     } else {
       router.replace({ name: RouteName.example });

src/app/xmfire/view/login/index.vue

@@ -150,10 +150,30 @@ const submitClick = async () => {
 
     const params: any = router.currentRoute.value.query;
     if ("redirect" in params && params.redirect) {
-      const url = new URL(unescape(params.redirect as string));
+      const decodeOnce = (s: string): string => {
+        try {
+          return decodeURIComponent(s);
+        } catch {
+          return s;
+        }
+      };
+
+      const rawRedirect = params.redirect as string;
+      let resolved = decodeOnce(rawRedirect);
+
+      // 若存在嵌套的 redirect 参数，则同样单重解码取其值
+      try {
+        const outerUrl = new URL(resolved, window.location.origin);
+        const nested = outerUrl.searchParams.get("redirect");
+        if (nested) {
+          resolved = decodeOnce(nested);
+        }
+      } catch {}
+
+      const url = new URL(resolved, window.location.origin);
       url.searchParams.delete("token");
       // url.searchParams.append("token", user.value.token);
-      window.localStorage.setItem('token', user.value.token)
+      window.localStorage.setItem("token", user.value.token);
       window.location.replace(url);
     } else {
       router.replace({ name: RouteName.dispatch });