From 3b5f018f7025a347e4888408b566caeaef2fabd7 Mon Sep 17 00:00:00 2001
From: Carlo Sala <carlosalag@protonmail.com>
Date: Fri, 2 Aug 2024 17:00:55 +0200
Subject: [PATCH] fix(toolbox): avoid prompt injection

---
 plugins/toolbox/toolbox.plugin.zsh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/plugins/toolbox/toolbox.plugin.zsh b/plugins/toolbox/toolbox.plugin.zsh
index 031c0f754..b9a594c09 100644
--- a/plugins/toolbox/toolbox.plugin.zsh
+++ b/plugins/toolbox/toolbox.plugin.zsh
@@ -3,7 +3,9 @@ function toolbox_prompt_info() {
 }
 
 function toolbox_prompt_name() {
-  [[ -f /run/.containerenv ]] && cat /run/.containerenv | awk -F\" '/name/ { print$2 }'
+  [[ -f /run/.containerenv ]] || return
+  local _to_print="$(cat /run/.containerenv | awk -F\" '/name/ { print$2 }')"
+  echo ${_to_print:gs/%/%%}
 }
 
 alias tbe="toolbox enter"