hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Apply suggestions from docs review

Browse Source 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
This commit is contained in:
Simon Friis Vindum
2025-11-27 11:43:41 +01:00
committed by GitHub
parent 7278bc75ca
commit 97dad2db17
2 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
rust/ql/src/queries/security/CWE-079/XSS.qhelp
View File

@@ -4,8 +4,8 @@
<qhelp> <qhelp>
<overview> <overview>
<p>Directly writing user input (for example, an HTTP request parameter) to a web <p>Directly writing user input (for example, an HTTP request parameter) to a webpage,
page, without properly sanitizing the input first, allows for a cross-site without properly sanitizing the input first, allows for a cross-site
scripting vulnerability.</p> scripting vulnerability.</p>
</overview> </overview>
@@ -23,9 +23,9 @@ scripting:</p>
<sample src="XSSBad.rs" /> <sample src="XSSBad.rs" />
<p>To fix this vulnerability, the user input should be HTML-encoded before being <p>To fix this vulnerability, the user input should be HTML-encoded before being
included in the response. In the following example <code>encode_text</code> from included in the response. In the following example, <code>encode_text</code> from
the <a href="https://docs.rs/html-escape/latest/html_escape/index.html">html_escape</a> the <a href="https://docs.rs/html-escape/latest/html_escape/index.html">html_escape</a>
crate is used:</p> crate is used to achieve this:</p>
<sample src="XSSGood.rs" /> <sample src="XSSGood.rs" />
@@ -34,15 +34,15 @@ crate is used:</p>
<references> <references>
<li> <li>
OWASP: OWASP:
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">XSS <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">
(Cross Site Scripting) Prevention Cheat Sheet</a>. Cross Site Scripting Prevention Cheat Sheet</a>.
</li> </li>
<li> <li>
Wikipedia: <a href="https://en.wikipedia.org/wiki/Cross-site_scripting">Cross-site scripting</a>. Wikipedia: <a href="https://en.wikipedia.org/wiki/Cross-site_scripting">Cross-site scripting</a>.
</li> </li>
<li> <li>
OWASP: OWASP:
<a href="https://owasp.org/www-community/attacks/xss/">Cross-site Scripting (XSS)</a>. <a href="https://owasp.org/www-community/attacks/xss/">Cross Site Scripting (XSS)</a>.
</li> </li>
</references> </references>
</qhelp> </qhelp>

2
rust/ql/src/queries/security/CWE-079/XSS.ql
View File

@@ -1,6 +1,6 @@
/** /**
* @name Cross-site scripting * @name Cross-site scripting
* @description Writing user input directly to a web page * @description Writing user input directly to a webpage
* allows for a cross-site scripting vulnerability. * allows for a cross-site scripting vulnerability.
* @kind path-problem * @kind path-problem
* @problem.severity error * @problem.severity error