CS: added extra guidance in recommendation section for LDAPInjection

Author: Napalys

csharp/ql/src/Security Features/CWE-090/LDAPInjection.qhelp

@@ -12,7 +12,7 @@ is likely to be able to run malicious LDAP queries.</p>
 <p>If user input must be included in an LDAP query, it should be escaped to
 avoid a malicious user providing special characters that change the meaning
 of the query. If possible, use an existing library, such as the AntiXSS
-library.</p>
+library. One may also make their own encoder filter <code>`LdapEncode`</code> following RFC 4515 standards.</p>
 </recommendation>
 
 <example>
@@ -35,5 +35,6 @@ the query cannot be changed by a malicious user.</p>
 <references>
 <li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/LDAP_Injection_Prevention_Cheat_Sheet.html">LDAP Injection Prevention Cheat Sheet</a>.</li>
 <li>OWASP: <a href="https://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java">Preventing LDAP Injection in Java</a>.</li>
+<li>RFC 4515: <a href="https://datatracker.ietf.org/doc/html/rfc4515#section-3">String Search Filter Definition</a>.</li>
 </references>
 </qhelp>