You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: ruby/ql/src/queries/security/cwe-094/TemplateInjection.qhelp
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -17,7 +17,7 @@ use a sandboxed environment where access to unsafe attributes and methods is pro
17
17
18
18
<example>
19
19
<p>
20
-
<p>Consider the example given below, an untrusted HTTP parameter `name` is used to generate a template string. This can lead to remote code execution. </p>
20
+
<p>Consider the example given below, an untrusted HTTP parameter <code>name</code> is used to generate a template string. This can lead to remote code execution. </p>
21
21
<samplesrc="examples/SSTIBad.rb" />
22
22
23
23
<p>Here we have fixed the problem by including ERB/Slim syntax in the string, then the user input will be rendered but no evaluated.</p>
0 commit comments