Abhishekmishra2808 commented on issue #554: URL: https://github.com/apache/tooling-trusted-releases/issues/554#issuecomment-3776600214
Hello @andrewmusselman ! I'd like to take this up. The plan is to implement a safe substitution helper in atr/construct.py to ensure all database values (like`project.short_display_name`) are HTML-escaped before being injected into the Markdown. This will address the XSS risk and comply with ASVS 1.2.3. Please assign it to me! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
