Use fromJSON

nvdaes · Feb 2, 2024 · 0889ed3 · 0889ed3
1 parent efbe968
commit 0889ed3
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/.github/workflows/sendJsonFile.yml b/.github/workflows/sendJsonFile.yml
@@ -51,12 +51,12 @@ jobs:
       env:
         # transfer user input to env variables to escape any code
         # https://blog.gitguardian.com/github-actions-security-cheat-sheet/
-        channel: ${{ toJSON(steps.get-data.outputs.releaseChannel) }}
-        publisher: ${{ steps.get-data.outputs.publisher }}
-        sourceUrl: ${{ steps.get-data.outputs.sourceUrl }}
-        url: ${{ steps.get-data.outputs.downloadUrl }}
-        licName: ${{ steps.get-data.outputs.licenseName }}
-        licUrl: ${{ steps.get-data.outputs.licenseURL }}
+        channel: ${{ fromJSON(steps.get-data.outputs.releaseChannel) }}
+        publisher: ${{ fromJSON(steps.get-data.outputs.publisher) }}
+        sourceUrl: ${{ fromJSON(steps.get-data.outputs.sourceUrl) }}
+        url: ${{ fromJSON(steps.get-data.outputs.downloadUrl) }}
+        licName: ${{ fromJSON(steps.get-data.outputs.licenseName) }}
+        licUrl: ${{ fromJSON(steps.get-data.outputs.licenseURL) }}
       # wrap all user input in quotations to prevent RCE e.g. www.example.com/&rm -rf
       run: |
         validation/runcreatejson `