Avoid Script Injection from Untrusted Variables

Description

Ensure script injection is prevented by avoiding untrusted context variables

Dashboard Inclusion

We use the column has_preventScriptInjection_policy from the table projects to calculate the status, this column is populated using the bulk importer. More information

Details

• Default Category: github workflows
• Default Priority Group: P11
• Implementation Details: It is manual (details).
• C-SCRM: true
• Mitre: CWE-454
• Mitre: CAPEC-242
• Sources: OpenSSF Scorecard
• How To: Github Docs