codeql/2024-12-12-add-markupstring-as-html-injection-sink.md at 00688ebd798d2ec5ea88e11c1109b82332fb02d1 - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-23 04:06:37 +01:00

Files

Ed Minnix 129388c78a Fix change note

2024-12-13 12:48:01 -05:00

242 B

Raw Blame History

category

category
minorAnalysis

Added the constructor and explicit cast operator of Microsoft.AspNetCore.Components.MarkupString as an html-injection sink. This will help catch cross-site scripting resulting from using MarkupString.