## If untrusted data (data from HTTP requests, user submitted files, etc.) is included in an setTimeout statement it can allow an attacker to inject their own code. #540
If untrusted data (data from HTTP requests, user submitted files, etc.) is included in an setTimeout statement it can allow an attacker to inject their own code.
If untrusted data (data from HTTP requests, user submitted files, etc.) is included in an setTimeout statement it can allow an attacker to inject their own code.
Review setTimeout for untrusted data
Show more details
_Originally posted by @github-advanced-security in https://github.com/Bryan-Roe/semantic-kernel/pull/519#discussion_r1703149977_