Skip to content

Commit 6742bea

Browse files
haby0haby0
committed
use <code> tags
1 parent 08be8ed commit 6742bea

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.qhelp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
<qhelp>
66
<overview>
77
<p>MyBatis allows operating the database by annotating a method with the annotations <code>@Select</code>, <code>@Insert</code>, etc. to construct dynamic SQL statements.
8-
If the syntax `${param}` is used in those statements, and `param` is a parameter of the annotated method, attackers can exploit this to tamper with the SQL statements or execute arbitrary SQL commands.</p>
8+
If the syntax <code>${param}</code> is used in those statements, and <code>param</code> is a parameter of the annotated method, attackers can exploit this to tamper with the SQL statements or execute arbitrary SQL commands.</p>
99
</overview>
1010

1111
<<recommendation>

0 commit comments

Comments
 (0)