hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rust: Apply suggestions from docs review

Browse Source 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
This commit is contained in:
Simon Friis Vindum
2025-11-27 11:43:41 +01:00
committed by GitHub
parent 7278bc75ca
commit 97dad2db17
2 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
rust/ql/src/queries/security/CWE-079/XSS.qhelp
View File

@@ -4,8 +4,8 @@
<qhelp>
<overview>
<p>Directly writing user input (for example, an HTTP request parameter) to a web
page, without properly sanitizing the input first, allows for a cross-site
<p>Directly writing user input (for example, an HTTP request parameter) to a webpage,
without properly sanitizing the input first, allows for a cross-site
scripting vulnerability.</p>
</overview>
@@ -23,9 +23,9 @@ scripting:</p>
<sample src="XSSBad.rs" />
<p>To fix this vulnerability, the user input should be HTML-encoded before being
included in the response. In the following example <code>encode_text</code> from
included in the response. In the following example, <code>encode_text</code> from
the <a href="https://docs.rs/html-escape/latest/html_escape/index.html">html_escape</a>
crate is used:</p>
crate is used to achieve this:</p>
<sample src="XSSGood.rs" />
@@ -34,15 +34,15 @@ crate is used:</p>
<references>
<li>
OWASP:
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">XSS
(Cross Site Scripting) Prevention Cheat Sheet</a>.
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">
Cross Site Scripting Prevention Cheat Sheet</a>.
</li>
<li>
Wikipedia: <a href="https://en.wikipedia.org/wiki/Cross-site_scripting">Cross-site scripting</a>.
</li>
<li>
OWASP:
<a href="https://owasp.org/www-community/attacks/xss/">Cross-site Scripting (XSS)</a>.
<a href="https://owasp.org/www-community/attacks/xss/">Cross Site Scripting (XSS)</a>.
</li>
</references>
</qhelp>

2
rust/ql/src/queries/security/CWE-079/XSS.ql
View File

@@ -1,6 +1,6 @@
/**
* @name Cross-site scripting
* @description Writing user input directly to a web page
* @description Writing user input directly to a webpage
* allows for a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity error