Ruby: remove extra opening p tag

alexrford · alexrford · commit ee6288173fb5 · 2023-03-17T11:38:49.000Z
diff --git a/ruby/ql/src/experimental/template-injection/TemplateInjection.qhelp b/ruby/ql/src/experimental/template-injection/TemplateInjection.qhelp
@@ -17,11 +17,14 @@ use a sandboxed environment where access to unsafe attributes and methods is pro
 
 <example>
 <p>
-        <p>Consider the example given below, an untrusted HTTP parameter <code>name</code> is used to generate a template string. This can lead to remote code execution. </p>
-        <sample src="examples/SSTIBad.rb" />
-        
-        <p>Here we have fixed the problem by including ERB/Slim syntax in the string, then the user input will be rendered but no evaluated.</p>
-        <sample src="examples/SSTIGood.rb" />
+Consider the example given below, an untrusted HTTP parameter <code>name</code> is used to generate a template string. This can lead to remote code execution.
+</p>
+<sample src="examples/SSTIBad.rb" />
+
+<p>
+Here we have fixed the problem by including ERB/Slim syntax in the string, then the user input will be rendered but no evaluated.
+</p>
+<sample src="examples/SSTIGood.rb" />
 </example>
 
 <references>
@@ -32,4 +35,4 @@ Wikipedia: <a href="https://en.wikipedia.org/wiki/Code_injection#Server_Side_Tem
 Portswigger : <a href="https://portswigger.net/web-security/server-side-template-injection">Server Side Template Injection</a>.
 </li>
 </references>
-</qhelp>
+</qhelp>
