codeql/2024-12-12-add-markupstring-as-html-injection-sink.md at 1fb597376eddd3ee1d7879a605faaaf4273b3a59 - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00

Files

Dave Bartolomeo 72a53c4b23 Revert "Release preparation for version 2.20.1"

2025-01-07 13:32:23 -05:00

242 B

Raw Blame History

category

category
minorAnalysis

Added the constructor and explicit cast operator of Microsoft.AspNetCore.Components.MarkupString as an html-injection sink. This will help catch cross-site scripting resulting from using MarkupString.