diff --git a/src/Blogifier.Admin/Pages/Account/Login.razor.cs b/src/Blogifier.Admin/Pages/Account/Login.razor.cs
index 657e65761..4d9ae4c2b 100644
--- a/src/Blogifier.Admin/Pages/Account/Login.razor.cs
+++ b/src/Blogifier.Admin/Pages/Account/Login.razor.cs
@@ -1,5 +1,6 @@
 using Blogifier.Shared;
 using Microsoft.AspNetCore.WebUtilities;
+using System;
 using System.Linq;
 using System.Net.Http.Json;
 using System.Threading.Tasks;
@@ -11,18 +12,18 @@ public partial class Login
 		public bool showError = false;
 		public LoginModel model = new LoginModel { Email = "", Password = "" };
 
-        public async Task LoginUser()
+      public async Task LoginUser()
 		{
-            var returnUrl = "admin/";
-            var uri = _navigationManager.ToAbsoluteUri(_navigationManager.Uri);
+         var returnUrl = "admin/";
+         var uri = _navigationManager.ToAbsoluteUri(_navigationManager.Uri);
 
-            if (QueryHelpers.ParseQuery(uri.Query).TryGetValue("returnUrl", out var param))
-                returnUrl = param.First();
-
-			if(returnUrl.StartsWith("http"))
+         if (QueryHelpers.ParseQuery(uri.Query).TryGetValue("returnUrl", out var param))
+            returnUrl = param.First();
+		
+			if(!IsLocalUrl(returnUrl))
 				returnUrl = "admin/";
 
-            var result = await Http.PostAsJsonAsync<LoginModel>("api/author/login", model);
+         var result = await Http.PostAsJsonAsync<LoginModel>("api/author/login", model);
 
 			if (result.IsSuccessStatusCode)
 			{
@@ -35,5 +36,14 @@ public async Task LoginUser()
 				StateHasChanged();
 			}
 		}
+
+		static bool IsLocalUrl(string url)
+		{
+			if(url.Contains("//"))
+				return false;
+
+			Uri result;
+			return Uri.TryCreate(url, UriKind.Relative, out result);
+		}
 	}
 }
diff --git a/src/Blogifier.Admin/Pages/Blog/PostsView.razor b/src/Blogifier.Admin/Pages/Blog/PostsView.razor
index 92e316a80..ea7167d36 100644
--- a/src/Blogifier.Admin/Pages/Blog/PostsView.razor
+++ b/src/Blogifier.Admin/Pages/Blog/PostsView.razor
@@ -81,26 +81,27 @@
 
 @if (Posts != null && Posts.Count > 0)
 {
-    <ul class="list" aria-label="posts">
-        <Virtualize Items="Posts" Context="post">
-
-            @{
-                string pubDate = post.Published > DateTime.MinValue ? post.Published.ToFriendlyShortDateString() : @_localizer["draft"];
-                string pubStatus = post.Published > DateTime.MinValue ? "published" : "";
-                string featured = post.IsFeatured ? "featured" : "";
-            }
-
-            <li class="list-item">
-                <label class="list-check form-check" data-bs-toggle="tooltip" title="@_localizer["select"]">
-                    <input type="checkbox" @bind="post.Selected" class="list-check-input form-check-input">
-                </label>
-                <a class="list-title -link" href="/admin/editor/@post.Slug">
-                    @post.Title
-                </a>
-                <span class="list-text -nowrap ms-auto">
-                    @pubDate
-                </span>
-                <button class="list-btn" @onclick="(async () => await Publish(post))">
+    <div style="height:650px;overflow-y:scroll">
+        <ul class="list" aria-label="posts">
+            <Virtualize Items="Posts" Context="post">
+
+                @{
+                    string pubDate = post.Published > DateTime.MinValue ? post.Published.ToFriendlyShortDateString() : @_localizer["draft"];
+                    string pubStatus = post.Published > DateTime.MinValue ? "published" : "";
+                    string featured = post.IsFeatured ? "featured" : "";
+                }
+
+                <li class="list-item">
+                    <label class="list-check form-check" data-bs-toggle="tooltip" title="@_localizer["select"]">
+                        <input type="checkbox" @bind="post.Selected" class="list-check-input form-check-input">
+                    </label>
+                    <a class="list-title -link" href="/admin/editor/@post.Slug">
+                        @post.Title
+                    </a>
+                    <span class="list-text -nowrap ms-auto">
+                        @pubDate
+                    </span>
+                    <button class="list-btn" @onclick="(async () => await Publish(post))">
                     @if (@pubStatus == "published")
                     {
                         <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="currentColor" class="bi bi-check link-success" viewBox="0 0 16 16" data-bs-toggle="tooltip" title="@_localizer["published"]">
@@ -113,8 +114,8 @@
                             <path d="M6 12.5C6 11.6716 6.67157 11 7.5 11H16.5C17.3284 11 18 11.6716 18 12.5C18 13.3284 17.3284 14 16.5 14H7.5C6.67157 14 6 13.3284 6 12.5Z" />
                         </svg>
                     }
-                </button>
-                <button class="list-btn" @onclick="(async () => await Featured(post))">
+                    </button>
+                    <button class="list-btn" @onclick="(async () => await Featured(post))">
                     @if (@featured == "featured")
                     {
                         <svg xmlns="http://www.w3.org/2000/svg" width="15" height="15" fill="currentColor" class="bi bi-star-fill link-gold" viewBox="0 0 16 16" data-bs-toggle="tooltip" title="@_localizer["featured"]">
@@ -127,17 +128,18 @@
                             <path d="M3.612 15.443c-.386.198-.824-.149-.746-.592l.83-4.73L.173 6.765c-.329-.314-.158-.888.283-.95l4.898-.696L7.538.792c.197-.39.73-.39.927 0l2.184 4.327 4.898.696c.441.062.612.636.282.95l-3.522 3.356.83 4.73c.078.443-.36.79-.746.592L8 13.187l-4.389 2.256z"/>
                         </svg>
                     }
-                </button>
-                <a class="list-btn" href="posts/@post.Slug" target="_blank">
-                    <svg class="bi" width="15" height="15" viewBox="0 0 16 16" fill="currentColor" xmlns="http://www.w3.org/2000/svg" data-bs-toggle="tooltip" title="@_localizer["view"]">
-                        <path d="M7.85724 2.17097L6 4L7 5L8.93201 3.24577C9.89935 2.27845 11.4719 2.27845 12.4393 3.24577C13.4066 4.21308 13.4066 5.78571 12.4393 6.75303L10.5141 8.75674L11.5141 9.75674L13.5141 7.82783C15.0754 6.26652 15.0754 3.73225 13.5141 2.17094C11.9528 0.609657 9.41852 0.609688 7.85724 2.17097Z" />
-                        <path d="M3.24575 12.4392C2.2784 11.4719 2.2784 9.89935 3.24575 8.93201L5 7L4 6L2.17098 7.85721C0.609703 9.41849 0.609642 11.9528 2.17098 13.514C3.73226 15.0753 6.26656 15.0753 7.82784 13.514L9.5141 11.7567L8.5141 10.7567L6.75301 12.4392C5.78573 13.4066 4.2131 13.4066 3.24575 12.4392Z" />
-                        <path d="M4.99941 9.55426L9.52486 5.02878L10.6563 6.16016L6.13076 10.6856L4.99941 9.55426Z" />
-                    </svg>
-                </a>
-            </li>
-        </Virtualize>
-    </ul>
+                    </button>
+                    <a class="list-btn" href="posts/@post.Slug" target="_blank">
+                        <svg class="bi" width="15" height="15" viewBox="0 0 16 16" fill="currentColor" xmlns="http://www.w3.org/2000/svg" data-bs-toggle="tooltip" title="@_localizer["view"]">
+                            <path d="M7.85724 2.17097L6 4L7 5L8.93201 3.24577C9.89935 2.27845 11.4719 2.27845 12.4393 3.24577C13.4066 4.21308 13.4066 5.78571 12.4393 6.75303L10.5141 8.75674L11.5141 9.75674L13.5141 7.82783C15.0754 6.26652 15.0754 3.73225 13.5141 2.17094C11.9528 0.609657 9.41852 0.609688 7.85724 2.17097Z" />
+                            <path d="M3.24575 12.4392C2.2784 11.4719 2.2784 9.89935 3.24575 8.93201L5 7L4 6L2.17098 7.85721C0.609703 9.41849 0.609642 11.9528 2.17098 13.514C3.73226 15.0753 6.26656 15.0753 7.82784 13.514L9.5141 11.7567L8.5141 10.7567L6.75301 12.4392C5.78573 13.4066 4.2131 13.4066 3.24575 12.4392Z" />
+                            <path d="M4.99941 9.55426L9.52486 5.02878L10.6563 6.16016L6.13076 10.6856L4.99941 9.55426Z" />
+                        </svg>
+                    </a>
+                </li>
+            </Virtualize>
+        </ul>
+    </div>
 }
 else
 {