From d6455d3ba10e179ec22e585427f7742b0081e3ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emilio=20L=C3=B3pez?=
Date: Wed, 17 May 2023 10:40:46 -0300
Subject: [PATCH] Improve markdown checklist example in README

The example did not escape the markdown document correctly. Use an environment variable instead of direct string interpolation to consume the document safely in the github-script action.

Closes #59
---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 2a6967e..8b5b51a 100644
--- a/README.md
+++ b/README.md
@@ -361,11 +361,13 @@ jobs:
 - name: Create/update checklist as PR comment
 uses: actions/github-script@v6
 if: github.event_name == 'pull_request'
+ env:
+ REPORT: ${{ steps.slither.outputs.stdout }}
 with:
 script: |
 const script = require('.github/scripts/comment')
 const header = '# Slither report'
- const body = `${{ steps.slither.outputs.stdout }}`
+ const body = process.env.REPORT
 await script({ github, context, header, body })
 ```