codeql/2024-12-12-add-markupstring-as-html-injection-sink.md at 0a967325e7b9e3f54df3180c0e6731e81ceff711 - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00

Files

Ed Minnix 0a967325e7 Change note

2024-12-12 16:22:09 -05:00

215 B

Raw Blame History

category

category
minorAnalysis

Added the constructor of Microsoft.AspNetCore.Components.MarkupString as an html-injection sink. This will help catch cross-site scripting resulting from using MarkupString.