1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00

fix: avoid expression injection (#4157)

## About the changes
Using toJSON should escape any potentially harmful content from the
username and email input
This commit is contained in:
Gastón Fournier 2023-07-06 09:52:50 +02:00 committed by GitHub
parent dd32e8ae0d
commit 05c6f42f7b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -38,7 +38,7 @@ jobs:
ref: 'master',
inputs: {
commit: "${{ github.event.head_commit.id }}",
actor: "${{ env.COMMIT_ACTOR }}",
actor: ${{ toJSON(env.COMMIT_ACTOR) }},
message: ${{ toJSON(github.event.head_commit.message) }},
}
})