mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00

fix: avoid expression injection (#4157)

## About the changes
Using toJSON should escape any potentially harmful content in the
username and email input.
Gastón Fournier 2023-07-06 09:52:50 +02:00 committed by GitHub
parent dd32e8ae0d
commit 05c6f42f7b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -38,7 +38,7 @@ jobs:
ref: 'master', ref: 'master',
inputs: { inputs: {
commit: "${{ github.event.head_commit.id }}", commit: "${{ github.event.head_commit.id }}",
actor: "${{ env.COMMIT_ACTOR }}", actor: ${{ toJSON(env.COMMIT_ACTOR) }},
message: ${{ toJSON(github.event.head_commit.message) }}, message: ${{ toJSON(github.event.head_commit.message) }},
} }
}) })
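Review bot: On the `actor:` and `message:` lines the values are still expanded by the workflow templating into the script text before it is parsed, so safety rests entirely on toJSON always producing a valid JavaScript literal. The sturdier pattern is to keep commit metadata out of the script source: pass it through the step's `env:` (for example `COMMIT_MESSAGE: ${{ github.event.head_commit.message }}`) and read it at runtime with `actor: process.env.COMMIT_ACTOR,` and `message: process.env.COMMIT_MESSAGE,`. The hunk starts inside the script body, so the step that sets COMMIT_ACTOR is not visible here. If it is written to the environment file from the author name or email, that write presumably needs the same care (a multi-line-safe delimiter), which is worth confirming. A short comment above the inputs, such as `// commit metadata is untrusted: never interpolate it unquoted`, would record why toJSON is used.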