From 45bc9d9ae3614d02b8cc92c0d6f5c6eb1e70e0a9 Mon Sep 17 00:00:00 2001 From: soon <0coming.soon@gmail.com> Date: Wed, 24 Apr 2019 15:05:02 +0500 Subject: [PATCH] Minor docs changes (#252) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ddeed5897..5067cede3 100644 --- a/README.md +++ b/README.md @@ -137,8 +137,8 @@ We recommend you specify exact versions of lint libraries, including `tslint-mic
child_process.exec(cmd)
runs cmd
as a shell command which allows attacker to execute malicious code injected into cmd
string.
+ It is dangerous to pass a string constructed at runtime as the first argument to the child_process.exec()
.
+ child_process.exec(cmd)
runs cmd
as a shell command which could allow an attacker to execute malicious code injected into cmd
.
Instead of child_process.exec(cmd)
you should use child_process.spawn(cmd)
or specify the command as a literal, e.g. child_process.exec('ls')
.
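Review bot: the recommendation in the unchanged last sentence, "you should use child_process.spawn(cmd)", reuses the same `cmd` string that the reworded lines above it warn about, so a reader can take it as a drop-in swap. `spawn` expects the executable and its arguments separately, and it is only safer when the arguments are passed as an array and the `shell` option is left off. Suggest rewording to something like "use `child_process.spawn(command, args)` or `child_process.execFile(file, args)` with the arguments as an array, or specify the command as a literal". Also, in the first added line, "as the first argument to the child_process.exec()" has a stray "the"; "to `child_process.exec()`" reads better.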