Update javascript/ql/src/experimental/Security/CWE-94/ServerSideTemplateInjection.qhelp

Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
monkey-junkie
2020-05-05 11:58:49 +03:00
committed by GitHub
parent 700a070a15
commit 25df6e1664

@@ -36,10 +36,9 @@ curl -i -s -k -X $'POST' -H $'Host: 127.0.0.1:5061' -H $'Connection: close' -H $
<example>
<p>
As the example of safe usage of rendering engine, please see example below.
In opposite to first example, instead of concatenation of provided user input with the template
it is possible to provide user input as a context - user input will be safely insterted
and rendered inside correspondent placeholders.
The example below provides an example of how to use a template engine without any risk of Server-Side Template Injection.
Instead of concatenating user input onto the template, the template uses a placeholder and safely inserts
the user input.
</p>
<sample src="examples/ServerSideTemplateInjectionSafe.js" />
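Review bot: the rewritten paragraph no longer says how the user input reaches the template. The removed wording stated that the input is provided "as a context", while the new sentence only says the template "uses a placeholder and safely inserts the user input", so a reader cannot tell what makes the insertion safe. Consider restoring that detail, for example "the template uses a placeholder and the user input is passed to the rendering call as context". Two smaller points on the first new sentence: "The example below provides an example of" repeats "example" and could read "The example below shows how to", and "without any risk of Server-Side Template Injection" is an absolute claim for a query help file. The guarantee described here holds because the template text itself is constant, so wording such as "without exposing the template itself to user input" would be more precise.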