remove <br/> tags

This commit is contained in:
Erik Krogh Kristensen
2019-09-10 16:57:15 +01:00
parent 97fc10e669
commit 6bb9781466

@@ -12,7 +12,6 @@
This happens when an attacker creates a JSON object with an
absurdly large number in the .length property that the server then
loops through.
<br />
The problem can also happen when using utility methods from Lodash or
Underscore that operate on array-like values.
As a simple example of how a DOS can happen, this code will crash most
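Review bot: with the <br /> after "loops through." removed, that sentence and "The problem can also happen when using utility methods from Lodash or Underscore" are no longer separated, although the second one introduces a different case (library helpers that operate on array-like values, not the server's own loop). If the break was standing in for a paragraph boundary, end the paragraph after "loops through." and start a new one for the Lodash/Underscore sentence rather than dropping the separation. Minor, in the last context line: "DOS" would read better as "DoS".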
@@ -27,12 +26,10 @@
Forcing the user controlled object to be an array or preventing the
<code>.length</code> property from being too large can limit the
impact of the attack.
<br/>
Alternatively the loop can exit early if the currently iterated element
is seen to be <code>undefined</code>, as the attacker cannot create an
array-like object with non-<code>undefined</code> values for an
unlimited amount of array elements.
<br />
Accessing a property of the currently iterated element will also
prevent the attack, as a null-pointer exception will occur in the first
iteration where the element is <code>undefined</code>.
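Review bot: removing both breaks in this hunk merges three distinct mitigations into one block of text: forcing an array or bounding <code>.length</code>, exiting early on an <code>undefined</code> element, and accessing a property of the iterated element. Each of these begins where a <br/> used to be ("Alternatively the loop can exit early", "Accessing a property of the currently iterated element"), so give each its own paragraph or make them list items so the reader can still tell them apart. While touching this text, "null-pointer exception" in the second-to-last line is not what JavaScript raises; reading a property of <code>undefined</code> throws a TypeError, and the wording should say so.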