From 93e05db394547c0e085baf6cfa299f4bbf9448d0 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Fri, 8 May 2026 14:06:48 +0100
Subject: [PATCH] Python: remove doubles spaces from qhelp

---
 .../ql/src/Security/CWE-502/UnsafeDeserialization.qhelp   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/python/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp b/python/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
index 1c1535857fc..08af6249f50 100644
--- a/python/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
+++ b/python/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
@@ -5,15 +5,15 @@
 <p>
 Deserializing untrusted data using any deserialization framework that
 allows the construction of arbitrary serializable objects is easily exploitable
-and in many cases allows an attacker to execute arbitrary code.  Even before a
+and in many cases allows an attacker to execute arbitrary code. Even before a
 deserialized object is returned to the caller of a deserialization method a lot
 of code may have been executed, including static initializers, constructors,
-and finalizers.  Automatic deserialization of fields means that an attacker may
+and finalizers. Automatic deserialization of fields means that an attacker may
 craft a nested combination of objects on which the executed initialization code
 may have unforeseen effects, such as the execution of arbitrary code.
 </p>
 <p>
-There are many different serialization frameworks.  This query currently
+There are many different serialization frameworks. This query currently
 supports Pickle, Marshal and Yaml.
 </p>
 <p>
@@ -28,7 +28,7 @@ user-controlled type resolution.
 
 <recommendation>
 <p>
-Avoid deserialization of untrusted data if at all possible.  If the
+Avoid deserialization of untrusted data if at all possible. If the
 architecture permits it then use other formats instead of serialized objects,
 for example JSON.
 </p>