codeql/2024-12-12-add-markupstring-as-html-injection-sink.md at de2460e8b1013686e300191c322ac2e615696e29 - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00

Files

Dave Bartolomeo 22e030584c Revert "Release preparation for version 2.20.1"

2025-01-07 12:14:27 -05:00

242 B

Raw Blame History

category

category
minorAnalysis

Added the constructor and explicit cast operator of Microsoft.AspNetCore.Components.MarkupString as an html-injection sink. This will help catch cross-site scripting resulting from using MarkupString.