JS: address doc review comments

Esben Sparre Andreasen · Esben Sparre Andreasen · commit bb48421d7778 · 2018-09-17T11:08:35.000+02:00
diff --git a/change-notes/1.19/analysis-javascript.md b/change-notes/1.19/analysis-javascript.md
@@ -12,7 +12,7 @@
 
 | **Query**                                     | **Tags**                                             | **Purpose**                                                                                                                                                                 |
 |-----------------------------------------------|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Stored cross-site scripting (`js/stored-xss`) | security, external/cwe/cwe-079, external/cwe/cwe-116 | Highlights uncontrolled stored values flowing into HTML content, indicating a violation of [CWE-079](https://cwe.mitre.org/data/definitions/79.html). Results shown on lgtm by default. |
+| Stored cross-site scripting (`js/stored-xss`) | security, external/cwe/cwe-079, external/cwe/cwe-116 | Highlights uncontrolled stored values flowing into HTML content, indicating a violation of [CWE-079](https://cwe.mitre.org/data/definitions/79.html). Results shown on LGTM by default. |
 
 ## Changes to existing queries
 
diff --git a/javascript/ql/src/Security/CWE-079/examples/StoredXss.js b/javascript/ql/src/Security/CWE-079/examples/StoredXss.js
@@ -5,7 +5,8 @@ express().get('/list-directory', function(req, res) {
     fs.readdir('/public', function (error, fileNames) {
         var list = '<ul>';
         fileNames.forEach(fileName => {
-            list += '<li>' + fileName '</li>'; // BAD: `fileName` can contain HTML elements
+            // BAD: `fileName` can contain HTML elements
+            list += '<li>' + fileName '</li>';
         });
         list += '</ul>'
         res.send(list);
diff --git a/javascript/ql/src/Security/CWE-079/examples/StoredXssGood.js b/javascript/ql/src/Security/CWE-079/examples/StoredXssGood.js
@@ -6,7 +6,8 @@ express().get('/list-directory', function(req, res) {
     fs.readdir('/public', function (error, fileNames) {
         var list = '<ul>';
         fileNames.forEach(fileName => {
-            list += '<li>' + escape(fileName) '</li>'; // GOOD: escaped `fileName` can not contain HTML elements
+            // GOOD: escaped `fileName` can not contain HTML elements
+            list += '<li>' + escape(fileName) '</li>';
         });
         list += '</ul>'
         res.send(list);
