fix typos and update docs

Erik Krogh Kristensen
2021-10-12 12:33:41 +02:00
parent 311df4d2b7
commit 5228196f79
3 changed files with 4 additions and 7 deletions


@@ -6,7 +6,7 @@
<overview>
<p>
Authentication cookies stored by a server can be accessed by a client if the <code>httpOnly</code> flag is not set.
<p>
</p>
<p>
An attacker that manages a cross-site scripting (XSS) attack can read the cookie and hijack the session.
</p>
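Review bot: The first overview sentence says the cookie "can be accessed by a client", which is ambiguous because the client always holds the cookie; what the <code>httpOnly</code> flag controls is access from client-side script. Suggest wording it as "can be read by client-side JavaScript if the <code>httpOnly</code> flag is not set", which also ties it to the XSS sentence that follows. While touching this paragraph, "An attacker that manages a cross-site scripting (XSS) attack" would read better as "An attacker who can perform a cross-site scripting (XSS) attack". Since the fix here is to the adjacent <code>&lt;p&gt;</code> / <code>&lt;/p&gt;</code> lines, please confirm the resulting file has each paragraph opened and closed exactly once.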
@@ -18,8 +18,6 @@ Set the <code>httpOnly</code> flag on all cookies that are not needed by the cli
</p>
</recommendation>
<references>
<example>
<p>
The following example stores an authentication token in a cookie that can
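Review bot: The example paragraph at the end of this hunk opens with the same sentence as the clear-text cookie help ("The following example stores an authentication token in a cookie that can"), while the hunk header shows this file's recommendation is about the <code>httpOnly</code> flag. If that sentence is staying, it should describe a cookie that is readable by client-side script rather than reuse the clear-text wording. Also, <code>&lt;references&gt;</code> appears directly before <code>&lt;example&gt;</code> here, whereas the other help file places it after <code>&lt;/example&gt;</code>; please check that the file ends up with a single <code>&lt;references&gt;</code> element in the same position.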


@@ -22,12 +22,12 @@ attribute on the cookie.
The following example stores an authentication token in a cookie that can
be transmitted in clear text.
</p>
<sample src="examples/CleartextStorageBad.js"/>
<sample src="examples/ClearTextCookieBad.js"/>
<p>
To force the cookie to be transmitted using SSL, set the <code>secure</code>
attribute on the cookie.
</p>
<sample src="examples/CleartextStorageGood.js"/>
<sample src="examples/ClearTextCookieGood.js"/>
</example>
<references>
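Review bot: The <code>&lt;sample src&gt;</code> lines switch between <code>examples/CleartextStorage*.js</code> and <code>examples/ClearTextCookie*.js</code>, and the two spellings differ in letter case ("Cleartext" vs "ClearText") as well as in name, so a mismatch with the files on disk would only show up on case-sensitive file systems. The example files themselves are not part of the diff shown, so please confirm both new paths resolve exactly as written. Separately, the paragraph between the samples says "transmitted using SSL"; since the <code>secure</code> attribute restricts the cookie to HTTPS connections, "HTTPS" (or "TLS") would be the more accurate term.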