[QGIS-Developer] Existing plugin versions should not be marked with "security issues"

Greg Troxel gdt at lexort.com
Fri Jun 19 05:21:18 PDT 2026


Etienne Trimaille via QGIS-Developer <qgis-developer at lists.osgeo.org>
writes:

> As Julien said, It seems that just a call to "format" with a Python
> dictionary might be enough for now :
>
> sql = "SELECT * FROM {schema}.foo"
> params = {
>     "schema": "test",
> }
> sql = sql.format(**params)

(That code is hard to read given likely bad HTML formatting, but I get
the point.)

How is this different from telling the scanner to ignore it?  It seems
like laundering input via steps the scanner doesn't follow.
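To make the point concrete, here is an added example (not from the thread and not QGIS code): the `format()` pattern from the quoted message beside an explicit identifier validation and quoting step. The table name `foo`, the sample schema values and the identifier pattern are constructed assumptions.

```python
"""Added example: routing untrusted input through str.format() only hides
it from a scanner; an actual mitigation for dynamic identifiers (schema or
table names) validates or quotes them explicitly."""
import re

# Shape of the identifiers the code expects for {schema}.  Assumption: plain
# SQL-style names only; anything else is treated as unexpected input.
_PLAIN_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def build_query_format(schema: str) -> str:
    """The pattern from the quoted message.  A scanner that does not follow
    format() may stop flagging it, but `schema` still lands in the SQL text
    unchanged, so untrusted input is as dangerous as with concatenation."""
    sql = "SELECT * FROM {schema}.foo"
    params = {"schema": schema}
    return sql.format(**params)


def quote_identifier(name: str) -> str:
    """Quote an identifier the way PostgreSQL and SQLite accept it: wrap in
    double quotes and double any embedded double quote, so the value cannot
    terminate the identifier early."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def build_query_checked(schema: str) -> str:
    """Explicit mitigation: reject names outside the expected shape, then
    quote.  The decision is made in code rather than in the scanner's blind
    spot."""
    if not _PLAIN_IDENT.match(schema):
        raise ValueError(f"unexpected schema name: {schema!r}")
    return f"SELECT * FROM {quote_identifier(schema)}.foo"


def rejects(schema: str) -> bool:
    """True if build_query_checked() refuses the given schema name."""
    try:
        build_query_checked(schema)
    except ValueError:
        return True
    return False


# Constructed inputs: one expected value and one that would break out of
# the identifier if pasted into the query verbatim.
TRUSTED = "test"
UNTRUSTED = 'bad"."other'
```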

