<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>Data placed in hidden fields is cached in the same way as the rest of the page, and can be
read or replaced by attackers who have access to the browser's cache. Do not trust the
contents of hidden fields any more than the contents of normal input fields: both are sent by the
client and can be changed before the server receives them.</p>
</overview>
<recommendation>
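<p>Ensure that no sensitive information is stored in hidden fields, and validate any value read
back from a hidden field on the server in the same way as any other user input.</p>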
</recommendation>
<references>
</references>
</qhelp>