[MNY-310] Improve login redirect path validation

Author: MananTank

apps/dashboard/src/app/login/isValidEncodedRedirectPath.ts

@@ -1,10 +1,11 @@
 export function isValidEncodedRedirectPath(encodedPath: string): boolean {
   try {
-    // Decode the URI component
     const decodedPath = decodeURIComponent(encodedPath);
-    // ensure the path always starts with a _single_ slash
-    // double slash could be interpreted as `//example.com` which is not allowed
-    return decodedPath.startsWith("/") && !decodedPath.startsWith("//");
+    if (!decodedPath.startsWith("/")) {
+      return false;
+    }
+    const url = new URL(decodedPath, "https://thirdweb.com");
+    return url.hostname === "thirdweb.com";
   } catch {
     // If decoding fails, return false
     return false;