Skip to content

fix: allow # character in branch name validation#956

Open
ovp87 wants to merge 1 commit intoanthropics:mainfrom
ovp87:fix/allow-hash-in-branch-names
Open

fix: allow # character in branch name validation#956
ovp87 wants to merge 1 commit intoanthropics:mainfrom
ovp87:fix/allow-hash-in-branch-names

Conversation

@ovp87
Copy link

@ovp87 ovp87 commented Feb 17, 2026
edited
Loading

Summary

  • Adds # to the branch name validation whitelist regex in validateBranchName()
  • The # character is valid per git-check-ref-format and commonly used in branch naming conventions like bugfix/#123-description
  • Since PR Fix command injection vulnerability in branch setup #736 switched git commands to execFileSync (no shell interpolation), # poses no injection risk — it's only meaningful in shell contexts (as a comment character)
  • Adds test cases for branch names containing #

Fixes #751

@ovp87 @claude
fix: allow # character in branch name validation
15c1b98 
The # character is valid per git-check-ref-format and commonly used in
branch naming conventions like "bugfix/anthropics#123-description". Since git
commands are now executed via execFileSync (no shell interpolation),
the # character poses no injection risk.

Fixes anthropics#751

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

1 participant

@ovp87