Apply suggestions from code review - docs and wording

Docs suggestions accepted, thank you 🙏

Co-authored-by: Felicity Chapman <felicitymay@github.com>
Paul Hodgkinson
2024-07-12 11:48:39 +01:00
committed by GitHub
parent d71be8aeaf
commit 3f37fe6add
2 changed files with 6 additions and 6 deletions


@@ -44,12 +44,12 @@
</p>
<p>
To help mitigate future risk of including a script that could be compromised, consider whether you need to
use a polyfill or other library at all. Modern browsers do not require a polyfill, and other popular libraries are redundant after enhancements to HTML 5.
To help mitigate the risk of including a script that could be compromised in the future, consider whether you need to
use polyfill or another library at all. Modern browsers do not require a polyfill, and other popular libraries were made redundant by enhancements to HTML 5.
</p>
<p>
If you do need a polyfill service or library, move to using a trusted CDN.
If you do need a polyfill service or library, move to using a CDN that you trust.
</p>
<p>
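Review bot: In the reworded first paragraph, "use polyfill or another library at all" drops the article, so it reads like a product name while the next sentence still says "a polyfill"; suggest "a polyfill or another library". "HTML 5" is normally written "HTML5". In the second paragraph, "a CDN that you trust" gives the reader no criterion for trust; a short clause on what to check before trusting a CDN would make the advice actionable.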
@@ -59,7 +59,7 @@
A dynamic service cannot be easily used with SRI. Nevertheless,
it is possible to list multiple acceptable SHA hashes in the <code>integrity</code> attribute,
such as those for the content generated for major browers used by your users.
such as hashes for the content required for the major browsers used by your users.
</p>
<p>
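Review bot: The reworded sentence about listing several hashes in the integrity attribute does not say what happens when a user's browser receives content that matches none of the listed hashes: the browser refuses to load the script. Suggest stating that consequence here, so readers know that users outside the listed "major browsers" need a fallback or will lose the polyfill.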
@@ -81,7 +81,7 @@
<sample src="polyfill-trusted.html" />
<p>
If you can investigate the most used browsers by your users, you can list the hashes of the polyfills for those browsers:
If you know which browsers are used by the majority of your users, you can list the hashes of the polyfills for those browsers:
</p>
<sample src="polyfill-sri.html" />
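Review bot: "browsers are used by the majority of your users" in the new sentence does not match the earlier SRI paragraph in this file, which speaks of "the major browsers used by your users"; the two phrasings select different sets of browsers, so pick one and use it in both places. An active form such as "which browsers most of your users use" would also read more easily.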


@@ -1,6 +1,6 @@
/**
* @name Untrusted domain used in script or other content
* @description Use of a script or other content from an untrusted or compromised domain
* @description Using a resource from an untrusted or compromised domain makes your code vulnerable to receiving malicious code.
* @kind problem
* @security-severity 7.2
* @problem.severity error
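Review bot: The new @description, "makes your code vulnerable to receiving malicious code", uses "code" twice in two different senses and switches to "resource" while @name still says "script or other content". Suggest keeping the @name terminology and naming the outcome directly, for example "Loading a script or other content from an untrusted or compromised domain lets that domain deliver malicious code to your users."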