by fooyc 1597 days ago

    > jo normally treats value as a literal string value, unless it begins with one of the following characters:  
    > value  action
    > @file  substitute the contents of file as-is
    > %file  substitute the contents of file in base64-encoded form
    > :file  interpret the contents of file as JSON, and substitute the result
This is convenient but also very dangerous. This feature will cause the content of an arbitrary file to be embedded in the JSON if any value starts with a `@`, `%`, or `:`.

This will be a source of bugs or security issues for any script generating JSON with dynamic values.
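
A guard for the case described in the comment above, added here as an example and not part of the original comment or of jo itself: it rejects any word whose value starts with `@`, `%` or `:` before jo sees it. The function names are hypothetical, and it assumes every word has the form `key=value`, split at the first `=`.

```sh
# Added example (not from jo): refuse values jo would treat as file references.
# Assumption: words look like key=value and the value starts after the first '='.

# Return 0 if jo would take the value as a literal string,
# 1 if it begins with one of the prefixes quoted above (@, %, :).
jo_value_is_literal() {
    case "$1" in
        @*|%*|:*) return 1 ;;
        *)        return 0 ;;
    esac
}

# Inspect every key=value word. Report each offending key on stderr
# and return 1 if at least one value is not a plain literal.
jo_check_words() {
    bad=0
    for word in "$@"; do
        case "$word" in
            *=*) value=${word#*=} ;;   # everything after the first '='
            *)   continue ;;           # not a key=value word, not checked here
        esac
        if ! jo_value_is_literal "$value"; then
            first=${value%"${value#?}"}   # first character of the value
            printf 'refusing key %s: value starts with %s\n' \
                "${word%%=*}" "$first" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Wrapper: run jo only when every value is a plain literal.
jo_checked() {
    jo_check_words "$@" || return 1
    jo "$@"
}

# Constructed sample input: a display name that happens to start with '@'.
# Without the guard, jo would try to read a file named "alice".
display_name='@alice'
jo_check_words id=42 name="$display_name" || echo "input rejected" >&2
```

A rejected value is not necessarily malicious (a handle such as `@alice` is ordinary data), so the caller has to decide how to encode it rather than pass it to jo unchanged.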