[QGIS-Developer] Existing plugin versions should not be marked with "security issues"
Greg Troxel
gdt at lexort.com
Fri Jun 19 05:21:18 PDT 2026
Etienne Trimaille via QGIS-Developer <qgis-developer at lists.osgeo.org>
writes:
> As Julien said, it seems that just a call to "format" with a Python
> dictionary might be enough for now:
>
> sql = "SELECT * FROM {schema}.foo"params = {
> "schema": "test",
> }sql = sql.format(**params)
(That code is hard to read given likely bad HTML formatting, but I get
the point.)
How is this different from telling the scanner to ignore it? It seems
like laundering input via steps the scanner doesn't follow.
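
The point raised above, as an added example that is not part of the original message or of any QGIS plugin: routing the value through a dictionary and `format` produces the same SQL string as plain concatenation, whereas an allowlist check plus identifier quoting changes what can reach the query. `ALLOWED_SCHEMAS`, the `build_*` functions, `quote_ident` and the sample inputs are hypothetical.

```python
import re

# Constructed allowlist for a hypothetical plugin (assumption, not from the thread).
ALLOWED_SCHEMAS = {"test", "public"}
_IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


def build_with_format(schema):
    """The pattern from the quoted message: dictionary plus str.format."""
    sql = "SELECT * FROM {schema}.foo"
    params = {"schema": schema}
    return sql.format(**params)


def build_with_concat(schema):
    """Plain concatenation, the form a static scanner typically flags."""
    return "SELECT * FROM " + schema + ".foo"


def quote_ident(name):
    """Quote an SQL identifier: wrap in double quotes and double any
    embedded double quote (standard SQL delimited-identifier rule)."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def build_checked(schema):
    """Validate against the allowlist, then quote before interpolating."""
    if not _IDENT_RE.match(schema) or schema not in ALLOWED_SCHEMAS:
        raise ValueError("schema not allowed: %r" % (schema,))
    return "SELECT * FROM {}.foo".format(quote_ident(schema))


if __name__ == "__main__":
    untrusted = "other_schema.users --"  # constructed input
    # Same string either way: the dictionary step changes nothing.
    print(build_with_format(untrusted) == build_with_concat(untrusted))
    print(build_checked("test"))
    try:
        build_checked(untrusted)
    except ValueError as exc:
        print("rejected:", exc)
```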