jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-22 03:16:52 -05:00
Code Issues Projects Releases Wiki Activity

Add warning about delimiter injection (#29882)

Browse Source
This commit is contained in:
Cory Miller
2022-08-12 12:52:00 -04:00
committed by GitHub
parent 10c492e5d4
commit 0946142dae
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
content/actions/using-workflows/workflow-commands-for-github-actions.md
View File

@@ -628,6 +628,12 @@ For multiline strings, you may use a delimiter with the following syntax.
{delimiter}
```
{% warning %}
**Warning:** Make sure the delimiter you're using is randomly generated and unique for each run. For more information, see "[Understanding the risk of script injections](/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections)".
{% endwarning %}
#### Example
This example uses `EOF` as a delimiter, and sets the `JSON_RESPONSE` environment variable to the value of the `curl` response.