mirror of
https://github.com/supabase/supabase.git
synced 2026-07-04 18:34:26 +08:00
We allow fetching external data in CodeSamples into an MDX environment, so we have to be careful about preventing code execution.

Current checks:
- External data is inserted as a code block (via the AST, not direct string manipulation), so it is escaped.

Added two new layers of checks:
- Allow-list of organizations, currently set to Supabase-only
- Only allow immutable commit references
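The three checks named in the commit message, sketched as an added example; this is not the code from the Supabase repository. The function names, the `raw.githubusercontent.com` fetch host, the conservative name charset and the sample commit id are assumptions made for illustration.

```javascript
// Added example with hypothetical names; not the Supabase docs implementation.
const ALLOWED_ORGS = new Set(["supabase"]); // organization allow-list, Supabase-only
const FULL_SHA = /^[0-9a-f]{40}$/; // full commit id; branches, tags and short SHAs fail
const NAME = /^[A-Za-z0-9._-]+$/; // conservative charset for repo and path segments (assumption)

function fail(reason) {
  return { ok: false, reason };
}

// Validate an external sample reference and build the URL to fetch.
// Returns { ok: true, url } or { ok: false, reason }.
function checkExternalSource({ org, repo, commit, path }) {
  if (!ALLOWED_ORGS.has(org)) return fail("org not allow-listed");
  if (typeof repo !== "string" || !NAME.test(repo) || repo === "." || repo === "..") {
    return fail("unsafe repo name");
  }
  // A mutable ref (branch or tag) could point at different content after review.
  if (typeof commit !== "string" || !FULL_SHA.test(commit)) {
    return fail("ref is not a full commit SHA");
  }
  const segments = typeof path === "string" ? path.split("/") : [];
  const safe =
    segments.length > 0 &&
    segments.every((s) => NAME.test(s) && s !== "." && s !== "..");
  if (!safe) return fail("unsafe path");
  // Assumed fetch host; every interpolated part has been validated above.
  const url = new URL(
    `https://raw.githubusercontent.com/${org}/${repo}/${commit}/${segments.join("/")}`
  );
  // Re-check the parsed result so a parser surprise cannot change the host.
  if (url.hostname !== "raw.githubusercontent.com") return fail("unexpected host");
  return { ok: true, url: url.href };
}

// Wrap fetched text as an mdast `code` node, so the MDX compiler receives it
// as literal text instead of parsing it as JSX or expressions.
function toCodeNode(lang, text) {
  return { type: "code", lang, value: String(text) };
}

// Constructed sample input (the commit id is made up).
const sample = {
  org: "supabase",
  repo: "supabase",
  commit: "0123456789abcdef0123456789abcdef01234567",
  path: "examples/auth/index.ts",
};
console.log(checkExternalSource(sample));
console.log(checkExternalSource({ ...sample, commit: "main" }));
```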