JavaScript: Address review comments.

2026-05-02 20:25:13 +02:00 · 2019-11-14 15:47:40 +00:00
parent f804d316d7
commit 3b1e6c362c
2 changed files with 2 additions and 2 deletions
--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.qhelp
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.qhelp
@@ -13,7 +13,7 @@ the URL scheme of any untrusted URL, and reject URLs with the <code>javascript:<
 <p>
 However, the <code>data:</code> and <code>vbscript:</code> schemes can be used to represent
 executable code in a very similar way, so any validation logic that checks against
-<code>javascript:</code> but not against <code>data:</code> and <code>vbscript:</code> is likely to
+<code>javascript:</code>, but not against <code>data:</code> and <code>vbscript:</code>, is likely to
 be insufficient.
 </p>
 </overview>