mirror of
https://github.com/Unleash/unleash.git
synced 2024-12-22 19:07:54 +01:00
fix: avoid expression injection (#4157)
## About the changes Using toJSON should escape any potentially harmful content from the username and email input
This commit is contained in:
parent
dd32e8ae0d
commit
05c6f42f7b
2
.github/workflows/notify_enterprise.yaml
vendored
2
.github/workflows/notify_enterprise.yaml
vendored
@ -38,7 +38,7 @@ jobs:
|
||||
ref: 'master',
|
||||
inputs: {
|
||||
commit: "${{ github.event.head_commit.id }}",
|
||||
actor: "${{ env.COMMIT_ACTOR }}",
|
||||
actor: ${{ toJSON(env.COMMIT_ACTOR) }},
|
||||
message: ${{ toJSON(github.event.head_commit.message) }},
|
||||
}
|
||||
})
|
||||
|
Loading…
Reference in New Issue
Block a user