javascript/ql/src/Security/CWE-116: 1 file changed, +5 -6 lines changed
2323 <recommendation >
2424 <p >
2525
26- Use a ( well-tested) sanitization library if at all
26+ Use a well-tested sanitization library if at all
2727 possible, and avoid modifying sanitized values further before treating
2828 them as HTML.
2929
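Review bot: the recommendation paragraph (lines 26-28) still only tells the reader what to do, not why; since the rest of this qhelp goes on to show a function that breaks sanitized output by rewriting tags, consider adding one sentence here explaining that any transformation applied after sanitization can undo the sanitizer's guarantees, so the advice "avoid modifying sanitized values further before treating them as HTML" lands with its reason attached. Dropping the parentheses around "well-tested" is fine.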
3636
3737 The following function transforms a self-closing HTML tag
3838 to a pair of open/close tags. It does so for all non-<code >img</code >
39- and non-<code >area</code > tags using a regular expression with two
39+ and non-<code >area</code > tags, by using a regular expression with two
4040 capture groups. The first capture group corresponds to the name of the
41- tag, and the second capture group corresponds to the content of
42- the tag.
41+ tag, and the second capture group to the content of the tag.
4342
4443 </p >
4544
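Review bot: the new wording on line 39+, "tags, by using a regular expression with two capture groups", is wordier than the original "tags using a regular expression"; if the aim is to separate the two clauses, a plain split reads better, e.g. "tags. It uses a regular expression with two capture groups". The merge of lines 41-42 into "tag, and the second capture group to the content of the tag." is a good tightening and reads correctly with the elided verb.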
5655 <p >
5756
5857 However, the function is not safe. As an example, consider
59- the following string which does not result in an alert when a
60- browser treats it as HTML:
58+ the following string:
59+
6160
6261 </p >
6362
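Review bot: removing "which does not result in an alert when a browser treats it as HTML" from lines 59-60 drops the one fact that makes the example meaningful, namely that the input string is harmless on its own and only becomes dangerous after the function rewrites it; unless the text that follows the example restates this, keep a short form of it, e.g. "consider the following string, which is harmless as-is:". Also, line 59+ adds an empty line inside the <p> element right before the closing </p>, which looks like leftover whitespace from the edit rather than intentional spacing.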