Open I-Dont-Remember opened 1 year ago
`"` double quotes from variables. Unescaped ones manually added should get caught during Step edit because of the JSON validation we run. Unless some other super common substring crops up as having issues, extending this seems like a Nice-to-Have rather than a Need-to-Do.
Inspired by the same quote as this JSON Sanitizer:
Workflow Buddy accepts a bunch of JSON from plain-text forms that are easy to muck up, especially once you take into account Slack inserts variables at runtime that can have ANY garbage, anything at all.
What is the flow of data?
Step 2: During Workflow Step execution, Slack replaces the placeholders without doing any type of sanitization - that's left up to us since we are using the plain-text input in a non-standard way (not really meant to be a JSON input, oops 🤷♀️)
variable value:
text that is not escaped or clean and contains "quotes", colons: and anything else
Why can this be a problem? JSON parsers DO NOT like random unescaped `"` characters throwing off their parsing.
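The failure described above, as an added example that is not part of the original issue or of Workflow Buddy's code: it fills a JSON template with the variable value quoted in the issue, first verbatim, then with quote-only escaping, then with full JSON string escaping. The `{{name}}` placeholder syntax, the template, the multi-line value and all function names are hypothetical, and the code assumes the raw variable value is available to escape before it is substituted.

```python
import json
import re

# Constructed template, as it might be typed into a plain-text form field.
TEMPLATE = '{"channel": "C123", "message": "{{user_text}}"}'
PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")  # hypothetical placeholder syntax

# Variable value from the issue text, plus a constructed multi-line one.
RAW_VALUE = 'text that is not escaped or clean and contains "quotes", colons: and anything else'
MULTILINE = 'first line\nsecond "line"'


def no_escape(value):
    """Insert the value verbatim, as when nothing sanitizes it."""
    return value


def quote_only(value):
    """Escape only double quotes; other special characters pass through."""
    return value.replace('"', '\\"')


def json_escape(value):
    """Escape quotes, backslashes and control characters for a JSON string.

    json.dumps adds surrounding quotes; the template already has them.
    """
    return json.dumps(value)[1:-1]


def fill(template, values, escape):
    """Replace every placeholder in one pass so inserted text is never rescanned."""
    return PLACEHOLDER.sub(lambda m: escape(values[m.group(1)]), template)


def load(template, value, escape):
    """Return the parsed object, or None if the filled text is not valid JSON."""
    try:
        return json.loads(fill(template, {"user_text": value}, escape))
    except json.JSONDecodeError:
        return None


if __name__ == "__main__":
    for escape in (no_escape, quote_only, json_escape):
        for value in (RAW_VALUE, MULTILINE):
            result = load(TEMPLATE, value, escape)
            print(escape.__name__, "->", "parse error" if result is None else "ok")
```

Quote-only escaping handles the value from the issue but still fails on the multi-line value, because a raw newline inside a JSON string is rejected by the parser.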