blekhmanlab / rxivist

API providing access to papers and authors scraped from biorxiv.org
https://rxivist.org
GNU Affero General Public License v3.0
60 stars 11 forks

Review risks of leaking internal variables #220

Closed (rabdill closed 6 years ago)

rabdill commented 6 years ago

If someone posts a paper with a string that will print a password, that would not be ideal: http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/

rabdill commented 6 years ago

This is only a problem if you call .format() ON user input, not passing user input TO .format(); never mind.
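
The distinction drawn in the closing comment, as an added example that is not part of the original thread or the rxivist code base: the same untrusted string is used once as the template and once as an argument, followed by a restricted formatter for cases where a user-supplied template is unavoidable. `Paper`, `DB_PASSWORD`, `FlatFormatter` and the `render_*` helpers are hypothetical names, and the secret is a constructed value.

```python
import string

DB_PASSWORD = "constructed-secret"  # constructed stand-in for an internal variable


class Paper:
    def __init__(self, title):
        self.title = title


def render_unsafe(template, paper):
    # .format() called ON untrusted text: replacement fields in the template
    # may walk attributes and indexes of any object passed in.
    return template.format(paper=paper)


def render_safe(title):
    # Untrusted text passed TO .format(): the template is a constant, so
    # braces inside the argument are never interpreted as fields.
    return "Title: {}".format(title)


class FlatFormatter(string.Formatter):
    """Formatter for untrusted templates: plain field names only."""

    def get_field(self, field_name, args, kwargs):
        # Also reached for fields nested inside a format spec.
        if "." in field_name or "[" in field_name:
            raise ValueError("attribute/index access not allowed: " + field_name)
        return super().get_field(field_name, args, kwargs)


def render_restricted(template, paper):
    # Expose only the plain string, never the object itself.
    return FlatFormatter().format(template, title=paper.title)


if __name__ == "__main__":
    hostile = "{paper.__init__.__globals__[DB_PASSWORD]}"  # constructed input
    print(render_unsafe(hostile, Paper("x")))   # internal variable is printed
    print(render_safe(hostile))                 # braces stay literal text
    print(render_restricted("Title: {title}", Paper("x")))
```
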