Package version (if known): 1.0.0-alpha.75 (latest at present time)
Describe the bug
The app attempts to push a URL with a different origin to the history, which is illegal (luckily in this case), and thus crashes the app.
Steps to Reproduce
Navigate to https://catalogue.library.cern/login?next=/%09/example.com (the login page, but with a special payload in the query parameters)
Sign in
After the redirection the browser shows a blank page. Devtools logged the following error:
DOMException: Failed to execute 'pushState' on 'History': A history state object with URL 'https://example.com/' cannot be created in a document with origin 'https://catalogue.library.cern' and URL 'https://catalogue.library.cern/login?message=Successfully+authorized.&code=200&next_url=%2F%2509%2Fexample.com'.
Expected behavior
The app should not crash nor attempt to redirect to a different origin, regardless of the provided redirection parameter.
Additional context
Notice how //example.com or https%3A//example.com don't work, but /%09/example.com does. %09 stands for encoded tabulation.
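The tab trick works because the WHATWG URL parser (used by browsers and by Node's `URL`) strips ASCII tab and newline before parsing, so `/\t/example.com` collapses to the protocol-relative `//example.com`. The following is an added example, not code from the reported app or its project, showing a `next` validator that resolves the parameter with that same parser against the app origin taken from the report and only accepts same-origin results; the function names are assumptions.

```javascript
// Added example (not the project's own code): validate a `next` redirect
// parameter by resolving it against the app origin and requiring a same-origin
// result. APP_ORIGIN is taken from the bug report; helper names are assumed.

const APP_ORIGIN = "https://catalogue.library.cern";

// Resolve `next` with the WHATWG URL parser, the same one the browser applies
// before pushState. It removes ASCII tab/newline first, so "/\t/example.com"
// is parsed as "//example.com", whose origin is https://example.com. That is
// why the %09 payload slips past a naive check for a leading "//" or "http".
function resolveNext(next, base = APP_ORIGIN) {
  try {
    return new URL(next, base);
  } catch {
    return null; // unparsable input is treated as unsafe
  }
}

// Return a same-origin path (with query and hash) to redirect to, or "/" when
// `next` is missing, unparsable, or would leave the app origin.
function safeNextPath(next, base = APP_ORIGIN) {
  if (typeof next !== "string" || next.length === 0) return "/";
  const url = resolveNext(next, base);
  if (url === null) return "/";
  // javascript: and data: URLs have origin "null", so they fail this too.
  if (url.origin !== new URL(base).origin) return "/";
  return url.pathname + url.search + url.hash;
}

// Constructed inputs mirroring the report: the three payloads from
// "Additional context" (already URL-decoded, as the app would see them)
// plus a legitimate relative deep link.
const samples = {
  "/%09/example.com": safeNextPath("/\t/example.com"),
  "//example.com": safeNextPath("//example.com"),
  "https%3A//example.com": safeNextPath("https://example.com"),
  "/search?q=test": safeNextPath("/search?q=test"),
};
console.log(samples);
```

Run with `node` to see the three cross-origin payloads mapped to "/" while the legitimate deep link is preserved.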