Skip to content

prevent url injection to api calls

o@immerda.ch requested to merge fixApiInjetion into main

not properly construting the url is quite dangerous as user controlled input can lead to injection of arbitrary paths and query parameters into the url.

this changes the arcavis.server config to contain only the hostname and nothing else.

Merge request reports

Loading