Hi, Can you open a bug upstream? I would prefer to go with a fix approved by upstream.
Also I'm not sure I understand under which circumstances the content of '$value' could be controlled by an 'adversary'? Can you explain shortly what would be an exploitation scenario you envision?
Thanks, Michael
