Expand file tree Collapse file tree 1 file changed +4
-1
lines changed Original file line number Diff line number Diff line change @@ -211,6 +211,9 @@ jobs:
211211 const commitSha = context.payload.pull_request.head.sha;
212212 const branchName = context.payload.pull_request.head.ref;
213213
214+ // Security: Sanitize branch name for safe display in Markdown
215+ const safeBranchName = branchName.replace(/[`\[\]]/g, '\\$&');
216+
214217 let allPassed = checkResult.lintConclusion === 'success' && checkResult.dockerConclusion === 'success';
215218 let emoji = allPassed ? '✅' : '❌';
216219 let status = allPassed ? 'Passed' : 'Failed';
@@ -247,7 +250,7 @@ jobs:
247250 }
248251
249252 body += `**Commit:** \`${commitSha}\`\n`;
250- body += `**Branch:** \`${branchName }\`\n`;
253+ body += `**Branch:** \`${safeBranchName }\`\n`;
251254
252255 if (checkResult.lintUrl || checkResult.dockerUrl) {
253256 body += `\n**🔗 View Details:**\n`;
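Review bot: The backslash escaping added at new line 215 does not protect the value where it is used at new line 253, because `safeBranchName` is placed inside a Markdown code span and CommonMark does not process backslash escapes inside code spans. A backtick in the branch name still closes the span, so the rest of the name is rendered as ordinary Markdown and the inserted backslash is shown literally. Replacing the character is more reliable, for example ``const safeBranchName = branchName.replace(/`/g, "'");``, with the comment changed to `// Branch name comes from the PR head ref (untrusted); replace backticks so it cannot close the code span`. The surrounding script starts and ends outside the visible hunks, so other uses of `branchName` in the comment body could not be checked from here.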