hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update javascript/ql/src/experimental/Security/CWE-117/LogInjection.help

Browse Source 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
This commit is contained in:
Alessio Della Libera
2020-06-18 19:29:34 +02:00
committed by GitHub
parent 41c029567f
commit b4f255176a
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/experimental/Security/CWE-117/LogInjection.help
View File

@@ -10,7 +10,7 @@
<p>Forgery can occur if a user provides some input with characters that are interpreted
when the log output is displayed. If the log is displayed as a plain text file, then new
line characters can be used by a malicious user. If the log is displayed as HTML, then
arbitrary HTML may be include to spoof log entries.</p>
arbitrary HTML may be included to spoof log entries.</p>
</overview>
<recommendation>
@@ -44,4 +44,4 @@ the log entry will be splitted in two different lines, where the second line wil
<references>
<li>OWASP: <a href="https://www.owasp.org/index.php/Log_Injection">Log Injection</a>.</li>
</references>
</qhelp>
</qhelp>