rm5248 commented on issue #1918:
URL:
https://github.com/apache/logging-log4j2/issues/1918#issuecomment-1858573320
```
// Mixing the two approaches: a recipe for pattern specifier injection:
// E.g. if name contains '{}'.
logger.info("Hello " + name + "! My name is {}.", myName);
```
It would be good to expand on this a bit more, perhaps something like:
>
>Mixing the two approaches can lead to undesired results. For example,
>let's say that we prompt the user for their name, and they tell us their name
>is `{}`. If our log statement looks like the following:
>```
>logger.info("Hello " + name + "! My name is {}.", myName);
>```
> That results in a log message of "Hello myName! My name is {}".
An MCVE would probably be appropriate here to show the (likely unintended)
behavior.
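An MCVE along the lines the comment above asks for, as an added example that is not part of rm5248's comment or of the Log4j documentation. It assumes log4j-api 2.x on the classpath and calls `ParameterizedMessage` directly, so the `{}` substitution used by parameterized log calls can be inspected without a logger configuration; the class name, the `format` helper and all sample values are constructed for illustration.

```java
import org.apache.logging.log4j.message.ParameterizedMessage;

public class MixedFormattingDemo {

    // Applies Log4j's {} placeholder substitution to a pattern and its arguments.
    static String format(String pattern, Object... args) {
        return new ParameterizedMessage(pattern, args).getFormattedMessage();
    }

    public static void main(String[] argv) {
        String myName = "Log4j";                      // constructed value
        String[] names = { "Alice", "{}", "{} {}" };  // constructed user input

        for (String name : names) {
            // Mixed: user input is concatenated into the pattern itself, so any
            // "{}" it contains is parsed as a placeholder. The first placeholder
            // consumes myName, and the placeholder the developer wrote is left
            // without an argument.
            String mixed = format("Hello " + name + "! My name is {}.", myName);

            // Parameterized only: user input is passed as an argument. Argument
            // values are inserted as data and never re-scanned for placeholders.
            String parameterized = format("Hello {}! My name is {}.", name, myName);

            System.out.println("input         : " + name);
            System.out.println("mixed         : " + mixed);
            System.out.println("parameterized : " + parameterized);
            System.out.println();
        }
    }
}
```

Comparing the `mixed` and `parameterized` lines for each input shows that only the mixed form lets the user-supplied value change which argument lands in which position.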