Hi,
the escaping of passed environment variables applies additional escaping to " and `: https://github.com/adamwiggins/rush/blob/master/lib/rush/box.rb#L85
E.g. if you escape ` and $ already in advance, an additional escaping will be applied to `, resulting in \\`, which does not escape ` but \. This can result in unintentionally executed commands surrounded by ` which were already escaped and thus assumed to be safe.
The repository seems largely inactive, I still wanted to leave this issue in case it is helpful for someone.
Thanks,
Matthias
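The double-escaping behaviour described in the issue above, as an added Ruby example (not code from the rush repository or from the issue author). `naive_escape` is a hypothetical escaper modeled only on the issue's description, `strict_escape` and `read_double_quoted` are illustrative helpers, and the sample values are constructed.

```ruby
# Hypothetical escaper modeled on the issue's description: it prefixes
# " and ` with a backslash but leaves backslashes already present untouched.
def naive_escape(value)
  value.to_s.gsub(/["`]/) { |c| "\\#{c}" }
end

# Hardened form for a double-quoted context: treat the input as raw data and
# escape every character that is special inside "...", the backslash included.
def strict_escape(value)
  value.to_s.gsub(/[\\"`$]/) { |c| "\\#{c}" }
end

# Model of how a POSIX shell reads the body of a double-quoted string:
# a backslash escapes only \ " ` $ (line continuation is ignored here).
# Returns the decoded text and the number of backticks left unescaped;
# each unescaped backtick opens or closes a command substitution.
def read_double_quoted(body)
  text = +''
  live = 0
  i = 0
  while i < body.length
    c = body[i]
    if c == '\\' && i + 1 < body.length && '\\"`$'.include?(body[i + 1])
      text << body[i + 1]
      i += 2
      next
    end
    live += 1 if c == '`'
    text << c
    i += 1
  end
  [text, live]
end

# Constructed sample values: the same string, raw and escaped in advance.
RAW         = '`echo MARKER`'
PRE_ESCAPED = '\`echo MARKER\`'

if __FILE__ == $PROGRAM_NAME
  [RAW, PRE_ESCAPED].each do |value|
    { 'naive' => naive_escape(value), 'strict' => strict_escape(value) }.each do |name, out|
      _text, live = read_double_quoted(out)
      puts format('%-6s in=%-18s out=%-24s live backticks=%d', name, value, out, live)
    end
  end
end
```

With the strict escaper the shell-side value always equals the value passed in, so callers must pass raw values and not escape them in advance.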