Python: Fix XXE qhelp

2025-12-19 10:23:15 +01:00 · 2021-09-28 17:02:39 +02:00
parent 9c286a1b50
commit e472814ddd
1 changed files with 7 additions and 3 deletions
--- a/python/ql/src/experimental/Security/CWE-611/XXE.qhelp
+++ b/python/ql/src/experimental/Security/CWE-611/XXE.qhelp
@@ -13,11 +13,15 @@ in this situation.
 </p>
 <p>
 Refer to the following links to check the details regarding how and which libraries are vulnerable:
+</p>
+
+<ul>
 <li><a href="https://docs.python.org/3/library/xml.html#xml-vulnerabilities">Python 3</a>.</li>
 <li><a href="https://docs.python.org/2/library/xml.html#xml-vulnerabilities">Python 2</a>.</li>
-</p>
+</ul>
+
 <p>
-This query currently identifies vulnerable XML parsing from the following parsers: 
+This query currently identifies vulnerable XML parsing from the following parsers:
 <code>xml.etree.ElementTree.XMLParser</code>, <code>lxml.etree.XMLParser</code>, <code>lxml.etree.get_default_parser</code>,
 <code>xml.sax.make_parser</code>.
 </p>
@@ -47,4 +51,4 @@ that is not safely configured on untrusted data, and is therefore inherently uns
 <li>Denial of service attack (Billion laughs): <a href="https://en.wikipedia.org/wiki/Billion_laughs">Billion Laughs.</a></li>
 </references>

-</qhelp>
+</qhelp>