summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorjonathan2021-12-28 21:21:25 +0000
committerstuebinm2022-01-02 01:55:49 +0100
commit4693dd8604253a24bbda9ea7f60e158eba3fa1a3 (patch)
tree793c04fbe79ad5c85ee3d90595d19d9e516c99a5 /lib
parent520e94e98f4c03bc738c4903ac53b83b08beb975 (diff)
fixed url injection by means of starting an url with "." and turning the prefix into a subdomain
Diffstat (limited to 'lib')
-rw-r--r--lib/Properties.hs2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/Properties.hs b/lib/Properties.hs
index c4fc458..3d9b30f 100644
--- a/lib/Properties.hs
+++ b/lib/Properties.hs
@@ -480,7 +480,7 @@ checkTileLayerProperty p@(Property name _value) = case name of
-> do
properties <- askContext <&> getProperties
unless (all (\(Property name value) -> case value of
- StrProp str -> name /= "openWebsite" || "https://static.rc3.world" `isPrefixOf` str
+ StrProp str -> name /= "openWebsite" || "https://static.rc3.world/" `isPrefixOf` str
_ -> True
) properties)
$ complain "\"openWebsiteAllowApi\" can only be used with websites hosted \