vip-scanner icon indicating copy to clipboard operation
vip-scanner copied to clipboard

Published 20 hours ago verified publisher icon Automattic

Flag Missed Escaping

Open joshbetz opened this issue 10 years ago • 0 comments

We should flag missed escaping.

I do a check with ack, like:

ack 'echo \$'
ack 'echo get'

This finds a majority of missed escaping of variables as well as unescaped core functions. We should probably mark these as notes because there's likely to be some false positives.

joshbetz avatar Apr 04 '14 23:04 joshbetz