JS: address doc review comments

2026-05-02 12:15:17 +02:00 · 2018-09-17 11:08:35 +02:00
parent 444a09a17c
commit bb48421d77
3 changed files with 5 additions and 3 deletions
--- a/javascript/ql/src/Security/CWE-079/examples/StoredXss.js
+++ b/javascript/ql/src/Security/CWE-079/examples/StoredXss.js
@@ -5,7 +5,8 @@ express().get('/list-directory', function(req, res) {
    fs.readdir('/public', function (error, fileNames) {
        var list = '<ul>';
        fileNames.forEach(fileName => {
-            list += '<li>' + fileName '</li>'; // BAD: `fileName` can contain HTML elements
+            // BAD: `fileName` can contain HTML elements
+            list += '<li>' + fileName '</li>';
        });
        list += '</ul>'
        res.send(list);
--- a/javascript/ql/src/Security/CWE-079/examples/StoredXssGood.js
+++ b/javascript/ql/src/Security/CWE-079/examples/StoredXssGood.js
@@ -6,7 +6,8 @@ express().get('/list-directory', function(req, res) {
    fs.readdir('/public', function (error, fileNames) {
        var list = '<ul>';
        fileNames.forEach(fileName => {
-            list += '<li>' + escape(fileName) '</li>'; // GOOD: escaped `fileName` can not contain HTML elements
+            // GOOD: escaped `fileName` can not contain HTML elements
+            list += '<li>' + escape(fileName) '</li>';
        });
        list += '</ul>'
        res.send(list);