Use of CGI.escapeHTML() in test samples

2026-04-26 09:15:12 +02:00 · 2023-05-20 12:57:50 +01:00
parent 7cd1fd4bbf
commit d11cb9195c
1 changed files with 1 additions and 1 deletions
--- a/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb
+++ b/ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb
@@ -18,7 +18,7 @@ end
 class UnicodeNormalizationHtMLSafeController < ActionController::Base
  def unicodeNormalize
    unicode_input = params[:unicode_input]
-    unicode_html_safe = unicode_input.html_safe
+    unicode_html_safe = CGI.escapeHTML(unicode_input).html_safe
    normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc)    # $result=BAD
    normalized_nfc = unicode_html_safe.unicode_normalize(:nfc)      # $result=BAD
  end