Apply suggestions from code review

Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2026-05-04 21:25:44 +02:00 · 2023-01-23 14:58:04 +01:00
parent 8251ad5e99
commit 32c4cf5769
4 changed files with 9 additions and 9 deletions
--- a/ruby/ql/src/queries/security/cwe-079/examples/unsafe-html-construction.rb
+++ b/ruby/ql/src/queries/security/cwe-079/examples/unsafe-html-construction.rb
@@ -1,6 +1,6 @@
 class UsersController < ActionController::Base
  # BAD - create a user description, where the name is not escaped
  def create_user_description (name)
-    "<h2>#{name}</h2>".html_safe
+    "<b>#{name}</b>".html_safe
  end
 end
--- a/ruby/ql/src/queries/security/cwe-079/examples/unsafe-html-construction_safe.rb
+++ b/ruby/ql/src/queries/security/cwe-079/examples/unsafe-html-construction_safe.rb
@@ -1,6 +1,6 @@
 class UsersController < ActionController::Base
  # Good - create a user description, where the name is escaped
  def create_user_description (name)
-    "<h2>#{ERB::Util.html_escape(name)}</h2>".html_safe
+    "<b>#{ERB::Util.html_escape(name)}</b>".html_safe
  end
 end