Page MenuHomePhabricator

Escape Blubber config values when compiling to Dockerfile
Closed, ResolvedPublic


The Dockerfile compiler doesn't currently escape any config values when writing its instructions to the buffer. This may cause unexpected breakage and should also be considered a vulnerability open to instruction injection. Let's escape these values.

Revisions and Commits