diff --git a/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.go b/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.go
old mode 100755
new mode 100644
index b0b5325eb62..e0468e4bfb2
--- a/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.go
+++ b/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.go
@@ -71,13 +71,13 @@ func bad(req *http.Request) {
 func good(req *http.Request) {
 tmpl, _ := template.New("test").Parse(`Hello, {{.}}\n`)
 { // This will be escaped, so it shoud NOT be caught:
- var escaped = source(`link`)
+ var escaped = req.UserAgent()
 checkError(tmpl.Execute(os.Stdout, escaped))
 }
 {
 // The converted source value does NOT flow to tmpl.Exec,
 // so this should NOT be caught.
- src := source(`link`)
+ src := req.UserAgent()
 converted := template.HTML(src)
 _ = converted
 checkError(tmpl.Execute(os.Stdout, src))
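Review bot: The two negative cases in good() now start from `req.UserAgent()`, but neither comment says that this value is the untrusted source the query is expected to track, so the reason no alert is expected is left implicit. On the first block I would spell it out, e.g. `// req.UserAgent() is attacker-controlled; Execute escapes it, so this should NOT be caught:` (assuming `template` is html/template, as the file name suggests), which also fixes the `shoud` typo on that line. The second block could add that `converted` is deliberately discarded so that only the unconverted `src` reaches `tmpl.Execute`. good() closes outside the hunk, so any further cases are not visible here.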