diff --git a/IPython/html/auth/login.py b/IPython/html/auth/login.py
index 3bfc676..85ec204 100644
--- a/IPython/html/auth/login.py
+++ b/IPython/html/auth/login.py
@@ -25,7 +25,11 @@ class LoginHandler(IPythonHandler):
def get(self):
if self.current_user:
- self.redirect(self.get_argument('next', default=self.base_url))
+ next_url = self.get_argument('next', default=self.base_url)
+ if not next_url.startswith(self.base_url):
+ # require that next_url be absolute path within our path
+ next_url = self.base_url
+ self.redirect(next_url)
else:
self._render()
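Review bot: The `startswith(self.base_url)` test added in get() does not fully close the open redirect it targets: when `base_url` is `/`, a scheme-relative value beginning with `//` passes the prefix check, and browsers resolve such a value against another host; the identical check in the post() hunk below has the same gap. Plain prefix matching also admits sibling paths (a base of `/foo` accepts `/foobar`), and some browsers treat a backslash like a slash, which `startswith` does not see either. Because the validation is copied verbatim into both methods, it is better placed in one helper that parses the value and rejects anything carrying a scheme, a network location or a backslash before applying the prefix test; `urlparse` must be imported for this (`urlparse` on Python 2, `urllib.parse` on Python 3). The fence below shows the helper and get() using it; post() should call the same helper in place of its copy.
```python
    def get_next_url(self):
        """Return the validated post-login redirect target.

        Values carrying a scheme or network location (including the
        scheme-relative ``//host`` form), containing a backslash, or lying
        outside base_url are replaced by base_url so that the login page
        never redirects off-site.
        """
        next_url = self.get_argument('next', default=self.base_url)
        parsed = urlparse(next_url)
        if (parsed.scheme or parsed.netloc or '\\' in next_url
                or not next_url.startswith(self.base_url)):
            # require that next_url be an absolute path within our path
            next_url = self.base_url
        return next_url

    def get(self):
        if self.current_user:
            self.redirect(self.get_next_url())
        else:
            self._render()
```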
@@ -47,8 +51,12 @@ class LoginHandler(IPythonHandler):
else:
self._render(message={'error': 'Invalid password'})
return
-
- self.redirect(self.get_argument('next', default=self.base_url))
+
+ next_url = self.get_argument('next', default=self.base_url)
+ if not next_url.startswith(self.base_url):
+ # require that next_url be absolute path within our path
+ next_url = self.base_url
+ self.redirect(next_url)
@classmethod
def get_user(cls, handler):