hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-Authored-By: mc <42146119+mchammer01@users.noreply.github.com>
This commit is contained in:
Esben Sparre Andreasen
2020-04-27 12:37:39 +02:00
committed by GitHub
parent 0a8e371b0e
commit c0250894de
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.qhelp
View File

@@ -9,8 +9,8 @@
Sanitizing untrusted input for HTML meta-characters is an important
technique for preventing cross-site scripting attacks. Usually, this
is done by escaping <code>&lt;</code>, <code>&gt;</code>,
<code>&amp;</code> and <code>&quot;</code>. But the context in which
the sanitized value is used decides which characters that actually
<code>&amp;</code> and <code>&quot;</code>. However, the context in which
the sanitized value is used decides the characters that
need to be sanitized.
</p>
@@ -59,7 +59,7 @@
<p>
Sanitizing the user-controlled data for
<code>&quot;</code> prevents the vulnerability:
<code>&quot;</code> helps prevent the vulnerability:
</p>