Skip to content

Update actions-vars-context-example-usage.md#25162

Merged
jc-clark merged 3 commits intogithub:mainfrom
jessehouwing:patch-2
Apr 26, 2023
Merged

Update actions-vars-context-example-usage.md#25162
jc-clark merged 3 commits intogithub:mainfrom
jessehouwing:patch-2

Conversation

@jessehouwing
Copy link
Copy Markdown
Contributor

@jessehouwing jessehouwing commented Apr 21, 2023
edited
Loading

The docs should not be showing too many example that would open up the workflows for script injection. Moving the injected variables to the steps env section instead and referencing those.

Why:

Closes: #25163

What's being changed (if available, include any code snippets, screenshots, or gifs):

Check off the following:

  • I have reviewed my changes in staging (look for the "Automatically generated comment" and click the links in the "Preview" column to view your latest changes).
  • For content changes, I have completed the self-review checklist.

@jessehouwing
Update actions-vars-context-example-usage.md
e06c61b 
The docs should not be showing too many example that would open up the workflows for script injection. Moving the injected variables to the steps env section instead and referencing those.
@jessehouwing
Merge branch 'main' into patch-2
32901d1
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Apr 21, 2023
MmohammedalA

This comment was marked as spam.

Sign in to view

@cmwilson21
Copy link
Copy Markdown
Contributor

cmwilson21 commented Apr 24, 2023

@jessehouwing Thanks so much for opening a PR! I'll get this triaged for review ⚡

@cmwilson21 cmwilson21 added content This issue or pull request belongs to the Docs Content team actions This issue or pull request should be reviewed by the docs actions team waiting for review Issue/PR is waiting for a writer's review and removed triage Do not begin working on this issue until triaged by the team labels Apr 24, 2023
jc-clark
jc-clark approved these changes Apr 26, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@jc-clark jc-clark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked in with the Actions team and this change looks great. Thank you for the contribution @jessehouwing! I'll go ahead and merge this.

@jc-clark jc-clark enabled auto-merge April 26, 2023 19:35
@jc-clark jc-clark added this pull request to the merge queue Apr 26, 2023
Merged via the queue into github:main with commit ecc5b5a Apr 26, 2023
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 26, 2023

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jc-clark jc-clark jc-clark approved these changes

+1 more reviewer

@MmohammedalA MmohammedalA MmohammedalA left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team waiting for review Issue/PR is waiting for a writer's review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Using the vars context to access configuration variable values example vulnerable to script injection

4 participants

@jessehouwing @cmwilson21 @jc-clark @MmohammedalA