hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp

Browse Source 
Co-authored-by: Chris Smowton <smowton@github.com>
This commit is contained in:
haby0
2021-04-10 04:22:08 +08:00
committed by GitHub
parent b8c11503f0
commit ebd38eaf3b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp
View File

@@ -14,7 +14,7 @@ When there is a cross-domain problem, this could lead to information leakage.</p
</recommendation>
<example>
<p>The following examples show the bad case and the good case respectively. Bad case, such as <code>bad1</code> to <code>bad8</code>,
<p>The following examples show the bad case and the good case respectively. Bad cases, such as <code>bad1</code> to <code>bad8</code>,
will cause information leakage problems when there are cross-domain problems. In a good case, for example, in the <code>good1</code>
method and the <code>good2</code> method, use the <code>verifToken</code> method to do the random <code>token</code> Verification can
solve the problem of information leakage caused by cross-domain.</p>