On Thu, 24 Jun 2021 at 1:09 am, Bruce Weirdan <weir...@gmail.com> wrote:
> > - String + int concatenation isn't an injection risk. > > I think this demonstrates it very well could be: > https://externals.io/message/114988#115038 That’s the developer choosing to use a variable, and it’s no different than the developer using a library to add the value via proper quoting/escaping. Craig
