You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently we split the component query parameter into name/version before validating.
This allowed an invalid component name to be passed through if it contained an @ symbol e.g. @financial-times/o-table@[naughty]@^0.0.1
This PR ignores anything after the first @. It would be better/safer
to validate the whole parameter content first before processing. #569
The text was updated successfully, but these errors were encountered:
Currently we split the component query parameter into name/version before validating.
This allowed an invalid component name to be passed through if it contained an
@
symbol e.g.@financial-times/o-table@[naughty]@^0.0.1
This PR ignores anything after the first
@
. It would be better/saferto validate the whole parameter content first before processing.
#569
The text was updated successfully, but these errors were encountered: