Comments (5)
Hey @lupinitylabs. I feel like this isn't really dangerous as it's up to the developer to sanitise an input for the field method. Of course, you're welcome to attempt the PR to see what Taylor thinks. Thanks
How would you sanitize this? The only possibility I would see is to check using is_callable() during validation if the value you try to put there is actually callable, and then filter it out...
Besides this, I feel that it is a bit of a nuisance to have to try to come up with field titles that are not function names... 😕
Isn't $attachment->field('dd', 'Whoops') userland code? Just don't pass dd as an argument there?
I can imagine several occasions where you send a Slack message to a user where the user might be able to define the titles of the attachment fields. So, from my point of view, either this is flagged as something bad, and you should never use attachments even with escaped and sanitized user-provided data (then there should probably be a warning in the docs), or measures should be taken so that these unexpected side-effects do not occur? 🤔
I personally don't see a situation where a user would ever fill this out themselves but if you do feel free to attempt a PR to improve this 👍
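The is_callable() validation suggested in the second comment, written out as an added example. This is not code from the issue thread or from the slack-notification-channel project; the function names, the exception class and the sample input are constructed for illustration. It also shows the over-rejection the thread hints at: a harmless title such as "Date" is refused too, because PHP's date() exists and function-name lookup is case-insensitive.

```php
<?php
declare(strict_types=1);

// Added example: reject user-supplied attachment field titles that PHP would
// treat as a callable before they reach an API that dispatches on is_callable().
// Names below are hypothetical and not part of any library.

final class UnsafeFieldTitle extends InvalidArgumentException {}

/**
 * Return the title unchanged if it is a plain string, throw if PHP would
 * resolve it to a function. Lookup is case-insensitive, so "dd" and "Date"
 * are both refused.
 */
function assertNotCallableTitle(string $title): string
{
    if (is_callable($title)) {
        throw new UnsafeFieldTitle(
            sprintf('Field title "%s" resolves to a callable and was rejected', $title)
        );
    }
    return $title;
}

/**
 * Build a title => content map from untrusted input. Unsafe titles are
 * dropped and the reason is kept so the caller can log the rejection.
 */
function filterFieldTitles(array $untrustedFields): array
{
    $accepted = [];
    $rejected = [];
    foreach ($untrustedFields as $title => $content) {
        try {
            $accepted[assertNotCallableTitle((string) $title)] = (string) $content;
        } catch (UnsafeFieldTitle $e) {
            $rejected[(string) $title] = $e->getMessage();
        }
    }
    return ['accepted' => $accepted, 'rejected' => $rejected];
}

// Constructed sample input, as if the titles came from a user-editable form.
$input = [
    'Project'  => 'Billing service',
    'Priority' => 'High',
    'dd'       => 'Whoops',      // the case discussed in the thread
    'Date'     => '2024-01-01',  // ordinary title, but date() is a built-in
];

$result = filterFieldTitles($input);
// 'Project' and 'Priority' are accepted; 'dd' and 'Date' land in 'rejected'.
print_r($result);
```

Two caveats for anyone adopting this check. First, is_callable() on a string of the form "Class::method" can trigger class autoloading, so even the validation step touches code paths chosen by the input; restricting titles to a short allow-listed character set before calling it keeps that surface small. Second, because the check also refuses legitimate titles like "Date", a cleaner fix at the call site is to avoid ever passing an untrusted string where the API accepts a callable, so that the value is only ever used as data.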