Apply suggestions from code review

Co-authored-by: Chris Smowton <smowton@github.com>
This commit is contained in:
Owen Mansel-Chan
2025-05-12 16:24:56 -04:00
committed by GitHub
parent 9ba47eb655
commit c933ab4ae2
2 changed files with 2 additions and 2 deletions

@@ -1,5 +1,5 @@
/**
* @name HTML template escaping bypass cross-site scripting
* @name Cross-site scripting via HTML template escaping bypass
* @description Converting user input to a special type that avoids escaping
* when fed into an HTML template allows for a cross-site
* scripting vulnerability.
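Review bot: the `@description` kept under the renamed `@name` still states the cause loosely as "a special type that avoids escaping"; consider aligning it with the change note's wording in the same commit ("a type which bypasses the HTML autoescaping"), e.g. "Converting user input to a type which bypasses the HTML autoescaping of an HTML template allows for a cross-site scripting vulnerability.", so the query metadata and the changelog describe the same condition.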

@@ -1,4 +1,4 @@
---
category: newQuery
---
* A new query (`go/html-template-escaping-bypass-xss`) has been promoted to the main query suite. This query finds potential cross-site scripting (XSS) vulnerabilities when using the `html/template` package, caused by user input being cast to a type which bypasses the HTML autoescaping. It was originally contributed to the experimental query pack by @gagliardetto in <https://github.com/github/codeql-go/pull/493>.
* Query (`go/html-template-escaping-bypass-xss`) has been promoted to the main query suite. This query finds potential cross-site scripting (XSS) vulnerabilities when using the `html/template` package, caused by user input being cast to a type which bypasses the HTML autoescaping. It was originally contributed to the experimental query pack by @gagliardetto in <https://github.com/github/codeql-go/pull/493>.
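Review bot: dropping "new" is consistent with the sentence's own statement that the query already existed in the experimental pack, but the replacement "Query (`go/html-template-escaping-bypass-xss`) has been promoted" now opens without an article; consider "The query `go/html-template-escaping-bypass-xss` has been promoted to the main query suite." so the note reads as a sentence.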