Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove slug from the "package not found" error message.
A user reported that the slug could be used for content injection attacks. While it's impossible to inject HTML/CSS/JS code, even plain text can theoretically be abused for social engineering purposes. I'd like to allow relatively free-form slugs (basically, any valid file name can be a slug), so there doesn't seem to be a way to eliminate this kind of risk other than just not showing the slug.
- Loading branch information