Figure out if this is really an issue
tsmarsh opened this issue · comments
Tom Marsh commented
The point is valid, but parsing a template is kind of the point.
We could explore a safer regex, but given that the only code that would be vulnerable to it is the code that calls it, I think the issue should be resolved there.
Tracking issue for:
Tom Marsh commented
This could be an issue, but only if the consuming application shoots itself in the foot. Hopefully, that would be caught by their testing.