Abhishekmishra2808 opened a new pull request, #585: URL: https://github.com/apache/tooling-trusted-releases/pull/585
This PR fixes a class of potential XSS issues caused by unescaped substitution of untrusted values into Markdown templates. The change introduces a single, centralized substitution helper that automatically HTML-escapes all substituted values, eliminating scattered `.replace()` logic and preventing future regressions. Trusted URLs and pre-rendered Markdown content are injected explicitly after substitution to preserve existing behavior.

Fixes #554

* [x] I have read and followed **CONTRIBUTING.md**
* [x] I have read **DEVELOPMENT.md**
* [x] I have run the required tests and checks locally
* [x] All required checks are currently passing
* [x] This branch is **rebased on the current `main` branch**

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at: [email protected]
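
The escaping-by-default substitution helper that the PR description outlines, shown beside the scattered `.replace()` pattern it replaces, as an added Python example. This is illustration only, not the project's code: the template, the `{name}` placeholder syntax, the function names (`substitute`, `substitute_unescaped`) and the sample values are all assumptions. It goes slightly beyond the description in one respect: every placeholder is resolved in a single pass, so placeholder-like text inside an untrusted value is never itself expanded.

```python
"""Centralized, escaping-by-default placeholder substitution for Markdown
templates. Added illustration, not the project's code; all names are assumed."""
from __future__ import annotations

import html
import re

# Constructed template in the style of a release-vote notice (not from the project).
TEMPLATE = (
    "## Vote on {project} {version}\n\n"
    "Release candidate prepared by {author}.\n\n"
    "{notes}\n\n"
    "Download: [{version}]({url})\n"
)

PLACEHOLDER = re.compile(r"\{([a-z_]+)\}")


def substitute_unescaped(template: str, values: dict[str, str]) -> str:
    """The 'before' pattern: chained str.replace() calls with no escaping.
    An untrusted value containing HTML passes straight into the rendered page,
    and a value containing "{url}" is even expanded by the later replace()."""
    out = template
    for key, value in values.items():
        out = out.replace("{" + key + "}", value)
    return out


def substitute(
    template: str,
    untrusted: dict[str, str],
    trusted_raw: dict[str, str] | None = None,
) -> str:
    """Resolve every {placeholder} exactly once.

    * `untrusted` values are HTML-escaped (quote=True also escapes " and ',
      so a value is safe inside a link attribute as well as in body text).
    * `trusted_raw` values (URLs and Markdown the caller has already vetted
      or rendered) are inserted verbatim; keeping them in a separate
      parameter makes the trust decision explicit at every call site.
    Unknown placeholders raise rather than leaking literal braces.
    """
    trusted_raw = trusted_raw or {}

    def resolve(match: re.Match[str]) -> str:
        key = match.group(1)
        if key in untrusted:
            return html.escape(untrusted[key], quote=True)
        if key in trusted_raw:
            return trusted_raw[key]
        raise KeyError(f"template placeholder {{{key}}} has no value")

    # One re.sub pass: replacement text is never rescanned, so "{url}"
    # inside an untrusted value stays literal instead of being expanded.
    return PLACEHOLDER.sub(resolve, template)


# Constructed sample input: an attacker-controlled display name.
SAMPLE_UNTRUSTED = {
    "project": "Example",
    "version": "1.2.3",
    "author": '<img src=x onerror="alert(1)"> {url}',
}
SAMPLE_TRUSTED = {
    "url": "https://example.invalid/dist/example-1.2.3.tar.gz",
    "notes": "Release notes are **unchanged** from rc1.",
}


def demo_before() -> str:
    """Rendering with the old, unescaped pattern."""
    return substitute_unescaped(TEMPLATE, {**SAMPLE_UNTRUSTED, **SAMPLE_TRUSTED})


def demo_after() -> str:
    """Rendering with the centralized escaping helper."""
    return substitute(TEMPLATE, SAMPLE_UNTRUSTED, SAMPLE_TRUSTED)


if __name__ == "__main__":
    print(demo_before())
    print("-" * 40)
    print(demo_after())
```

One caveat when reviewing any helper of this shape: `html.escape` neutralizes raw HTML, but it leaves Markdown syntax characters such as `[`, `]`, `(` and `)` untouched, so an escaped value can still form a Markdown link or image that the renderer turns into HTML. Whether that matters depends on the Markdown renderer's own URL and HTML sanitization, which this helper does not replace.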
