Closed joshmgross closed 2 weeks ago
It's recommended to pass expressions into actions/github-script via env - this avoids issues with special characters or other syntax that could be interpreted as JavaScript.
https://github.com/actions/github-script#use-env-as-input
This also serves to avoid any potential script injections - https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
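The difference between the two approaches, as an added example that is not part of the original pull request or of github-script's own code: a workflow expression is pasted into the script text before it is parsed, while an `env` value stays data. `renderExpressions`, `runScript`, the `TITLE` variable and the sample titles are hypothetical stand-ins constructed for illustration.

```javascript
// Added example: simulates a workflow expression being pasted into the
// script text before it runs, versus the same value being read from env.
// renderExpressions() and runScript() are hypothetical stand-ins, not
// GitHub's or github-script's real code.

// Plain textual substitution of ${{ ... }}, done before the script is parsed.
function renderExpressions(template, values) {
  return template.replace(/\$\{\{\s*([\w.]+)\s*\}\}/g, (_, key) => values[key]);
}

// The script is treated as a function body; a plain Function is enough
// here to show how the text gets parsed.
function runScript(source, env) {
  try {
    const fn = new Function('process', source);
    return { ok: true, result: fn({ env }) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Inline form: the expression sits inside the script source.
const inlineScript = "const title = '${{ github.event.issue.title }}'; return title.length;";
// Env form: the script source is fixed; the value arrives as a string.
const envScript = "const title = process.env.TITLE; return title.length;";

// Constructed sample issue titles.
const titles = [
  "Add dark mode",
  "Can't log in",                    // apostrophe ends the string literal early
  "x'; return 'script changed'; '",  // title text is parsed as code
];

function compare(title) {
  const rendered = renderExpressions(inlineScript, { 'github.event.issue.title': title });
  return {
    title,
    inline: runScript(rendered, {}),
    viaEnv: runScript(envScript, { TITLE: title }),
  };
}

for (const row of titles.map(compare)) console.log(JSON.stringify(row));
```
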