JavaScript: Fix inconisstency in TaintedPath.qhelp.

2026-04-30 11:15:13 +02:00 · 2019-08-12 10:29:41 +01:00
parent 80cfe070d4
commit 020d31c3b6
1 changed files with 1 additions and 1 deletions
--- a/javascript/ql/src/Security/CWE-022/TaintedPath.qhelp
+++ b/javascript/ql/src/Security/CWE-022/TaintedPath.qhelp
@@ -41,7 +41,7 @@ However, a malicious user could enter a file name which is an absolute path, suc
 In the second example, it appears that the user is restricted to opening a file within the
 <code>"user"</code> home directory. However, a malicious user could enter a file name containing
 special characters. For example, the string <code>"../../etc/passwd"</code> will result in the code
-reading the file located at <code>"/home/[user]/../../etc/passwd"</code>, which is the system's
+reading the file located at <code>"/home/user/../../etc/passwd"</code>, which is the system's
 password file. This file would then be sent back to the user, giving them access to all the
 system's passwords.
 </p>