fix command escaping#302
Merged
ericsciple merged 1 commit intomasterfrom Jan 19, 2020
Merged
Conversation
Contributor
Author
|
also related to actions/runner#267 |
tjamet
added a commit
to actions-go/toolkit
that referenced
this pull request
Jan 17, 2020
There is a fix in actions toolkit: actions/toolkit#302, apply it here as well
tjamet
reviewed
Jan 17, 2020
| // safely append the val - avoid blowing up when attempting to | ||
| // call .replace() if message is not a string for some reason | ||
| cmdStr += `${key}=${escape(`${val || ''}`)}` | ||
| cmdStr += `${key}=${escapeProperty(val)}` |
There was a problem hiding this comment.
I was reading it and thinking that eventually, the function being exported, it is diable for users to run issueCommand('some-command', {'key,1': 'value'}, 'message') that would break the ::name key1=value1,key2=value2::message formatting. would it be something worth taking into account?
Contributor
Author
There was a problem hiding this comment.
It is a limitation of the command format - defined by the runner - that commas are not allowed within a key name.
Today this limitation does not present a problem. All commands (and keys) are first party - not extensible.
We can relax this constraint in the future needed. But not required for any current scenarios.
TingluoHuang
approved these changes
Jan 18, 2020
shogo82148
added a commit
to shogo82148/go-actions-toolkit
that referenced
this pull request
Oct 3, 2020
backport of actions/toolkit#302
chhe
pushed a commit
to chhe/act_runner
that referenced
this pull request
May 1, 2026
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@actions/core](https://github.com/actions/toolkit/tree/main/packages/core) ([source](https://github.com/actions/toolkit/tree/HEAD/packages/core)) | [`1.10.0` → `1.11.1`](https://renovatebot.com/diffs/npm/@actions%2fcore/1.10.0/1.11.1) |  |  | --- ### Release Notes <details> <summary>actions/toolkit (@​actions/core)</summary> ### [`v1.11.1`](https://github.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1111) - Fix uses of `crypto.randomUUID` on Node 18 and earlier [#​1842](actions/toolkit#1842) ##### 1.11.0 - Add platform info utilities [#​1551](actions/toolkit#1551) - Remove dependency on `uuid` package [#​1824](actions/toolkit#1824) ##### 1.10.1 - Fix error message reference in oidc utils [#​1511](actions/toolkit#1511) ##### 1.10.0 - `saveState` and `setOutput` now use environment files if available [#​1178](actions/toolkit#1178) - `getMultilineInput` now correctly trims whitespace by default [#​1185](actions/toolkit#1185) ##### 1.9.1 - Randomize delimiter when calling `core.exportVariable` ##### 1.9.0 - Added `toPosixPath`, `toWin32Path` and `toPlatformPath` utilities [#​1102](actions/toolkit#1102) ##### 1.8.2 - Update to v2.0.1 of `@actions/http-client` [#​1087](actions/toolkit#1087) ##### 1.8.1 - Update to v2.0.0 of `@actions/http-client` ##### 1.8.0 - Deprecate `markdownSummary` extension export in favor of `summary` - [#​1072](actions/toolkit#1072) - [#​1073](actions/toolkit#1073) ##### 1.7.0 - [Added `markdownSummary` extension](actions/toolkit#1014) ##### 1.6.0 - [Added OIDC Client function `getIDToken`](actions/toolkit#919) - [Added `file` parameter to `AnnotationProperties`](actions/toolkit#896) ##### 1.5.0 - [Added support for notice annotations and more annotation fields](actions/toolkit#855) ##### 1.4.0 - [Added the `getMultilineInput` function](actions/toolkit#829) ##### 1.3.0 - [Added the trimWhitespace option to getInput](actions/toolkit#802) - [Added the getBooleanInput function](actions/toolkit#725) ##### 1.2.7 - [Prepend newline for set-output](actions/toolkit#772) ##### 1.2.6 - [Update `exportVariable` and `addPath` to use environment files](actions/toolkit#571) ##### 1.2.5 - [Correctly bundle License File with package](actions/toolkit#548) ##### 1.2.4 - [Be more lenient in accepting non-string command inputs](actions/toolkit#405) - [Add Echo commands](actions/toolkit#411) ##### 1.2.3 - [IsDebug logging](README.md#logging) ##### 1.2.2 - [Fix escaping for runner commands](actions/toolkit#302) ##### 1.2.1 - [Remove trailing comma from commands](actions/toolkit#263) - [Add "types" to package.json](actions/toolkit#221) ##### 1.2.0 - saveState and getState functions for wrapper tasks (on finally entry points that run post job) ##### 1.1.3 - setSecret added to register a secret with the runner to be masked from the logs - exportSecret which was not implemented and never worked was removed after clarification from product. ##### 1.1.1 - Add support for action input variables with multiple spaces [#​127](actions/toolkit#127) - Switched ## commands to :: commands (should have no noticeable impact) \[[#​110](https://github.com/actions/toolkit/issues/110))([#​110](https://github.com/actions/toolkit/pull/110)) ##### 1.1.0 - Added helpers for `group` and `endgroup` [#​98](actions/toolkit#98) ##### 1.0.0 - Initial release ### [`v1.11.0`](https://github.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1110) - Add platform info utilities [#​1551](actions/toolkit#1551) - Remove dependency on `uuid` package [#​1824](actions/toolkit#1824) ### [`v1.10.1`](https://github.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1101) - Fix error message reference in oidc utils [#​1511](actions/toolkit#1511) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE1MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/runner/pulls/880 Reviewed-by: Nicolas <bircni@icloud.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fixes #301