New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new script injection input #332
base: main
Are you sure you want to change the base?
Conversation
Unfortunately this PR is not acceptable straight forward because
But it's good point that accessing |
Sorry for the valid tests that I removed. The problem I want to fix with this PR is the use of this expression in run scripts The solution is not to ban We could change the |
I propose a new solution for matching all element like in env I'm using Sorry for all the commits I was confused with my branches and my local repo. |
I think banning |
Hi @rhysd any update on this PR ? I've opened an issue with more details as you asked :) |
78e9286
to
0b49da7
Compare
I've added a new entry in BuiltinUntrustedInputs because I already saw something like this where It's possible to inject code in the runner from an opened issue:
I changed a lot of tests to make it work I hope it will be ok.