hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: address qhelp review comments

Browse Source
This commit is contained in:
Esben Sparre Andreasen
2019-06-03 16:39:39 +02:00
parent bf51c54338
commit 9e0a97e82f
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.qhelp
View File

@@ -7,7 +7,7 @@
<p>
Sanitizing untrusted input with regular expressions is a
common technique. However, it is error prone to match untrusted input
common technique. However, it is error-prone to match untrusted input
against regular expressions without anchors such as <code>^</code> or
<code>$</code>. Malicious input can bypass such security checks by
embedding one of the allowed patterns in an unexpected location.
@@ -17,8 +17,8 @@
<p>
Even if the matching is not done in a security-critical
context, it may still cause undesirable behaviors when the regular
expression matches accidentally.
context, it may still cause undesirable behavior when the regular
expression accidentally matches.
</p>
</overview>