hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6302 from github/aibaars/drop-spaces

Browse Source 
C# remove spurious spaces in <code> tag
This commit is contained in:
Arthur Baars
2021-07-15 14:57:21 +02:00
committed by GitHub
parent 900cbc9a2f e387d602b2
commit a47002c6d8
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
csharp/ql/src/Input Validation/ValueShadowing.qhelp
View File

@@ -5,8 +5,8 @@
<overview>
<p>Relying on <code>HttpRequest</code> to provide access to a particular client variable is not
safe. The <code>HttpRequest</code> class implements an indexer to provide a simplified, combined
access to its <code>QueryString</code>, <code>Form</code>, <code>Cookies</code>, or <code>
ServerVariables</code> collections, in that particular order. When searching for a variable, the
access to its <code>QueryString</code>, <code>Form</code>, <code>Cookies</code>, or
<code>ServerVariables</code> collections, in that particular order. When searching for a variable, the
first match is returned: <code>QueryString</code> parameters hence supersede values from forms,
cookies and server variables, and so on. This is a serious attack vector since an attacker could
inject a value in the query string that you do not expect, and which supersedes the value of a more