hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-21 15:05:56 +02:00
Code Issues Packages Projects Releases Wiki Activity

Updated qhelp for the use of html_escape()

Browse Source
This commit is contained in:
Sim4n6
2023-05-20 17:58:24 +01:00
parent cc3cc1faef
commit f5ff50880c
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.qhelp
View File

@@ -16,10 +16,10 @@
<example>
<p> The following example showcases the bypass of all checks performed by <code>
flask.escape()</code> due to a post-unicode normalization.</p>
<p>For instance: the character U+FE64 (<code>﹤</code>) is not filtered-out by the flask
escape function. But due to the Unicode normalization, the character is transformed and
would become U+003C (<code> &lt; </code> ).</p>
html_escape()</code> due to a post-unicode normalization.</p>
<p>For instance: the character U+FE64 (<code>﹤</code>) is not filtered-out by the
html_escape() function. But due to the Unicode normalization, the character is
transformed and would become U+003C (<code> &lt; </code> ).</p>
<sample src="./examples/unicode_normalization.rb" />