From 56b0b1489151731046a40ddb3ba9f431fa36a261 Mon Sep 17 00:00:00 2001
From: rindeal <dev.rindeal@gmail.com>
Date: Sun, 7 Jul 2024 07:14:29 +0200
Subject: [PATCH] README: prevent code injection in an example

---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index eb3ab808..d7609347 100644
--- a/README.md
+++ b/README.md
@@ -144,9 +144,9 @@ A multiline `client-payload` can be set directly in YAML, as in the following ex
                 "tag": "${{ needs.build_cfg.outputs.REPO_TAG }}"
               },
               "deployment": {
-                "project": "${{ env.MY_PROJECT }}",
-                "container": "${{ env.MY_CONTAINER }}",
-                "deploy_msg": "${{ env.SLACK_DEPLOY_MSG }}",
+                "project":    ${{ toJSON(env.MY_PROJECT) }},
+                "container":  ${{ toJSON(env.MY_CONTAINER) }},
+                "deploy_msg": ${{ toJSON(env.SLACK_DEPLOY_MSG) }},
               }
             }
 ```