Skip to content

Commit f0516dd

Browse files
asgerfasgerf
committed
JS: Address review comments
1 parent 68d2bc8 commit f0516dd

File tree

1 file changed

+0
-6
lines changed

1 file changed

+0
-6
lines changed

javascript/ql/src/Security/CWE-094/CodeInjection.qhelp

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -30,9 +30,7 @@ for example, steal cookies containing session information.
3030
</p>
3131

3232
<sample src="examples/CodeInjection.js" />
33-
</example>
3433

35-
<example>
3634
<p>
3735
The following example shows a Pug template being constructed from user input, allowing attackers to run
3836
arbitrary code via a payload such as <code>#{global.process.exit(1)}</code>.
@@ -58,10 +56,6 @@ OWASP:
5856
Wikipedia: <a href="https://en.wikipedia.org/wiki/Code_injection">Code Injection</a>.
5957
</li>
6058
<li>
61-
OWASP:
62-
<a href="https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection">Server Side Template Injection</a>.
63-
</li>
64-
<li>
6559
PortSwigger Research Blog:
6660
<a href="https://portswigger.net/research/server-side-template-injection">Server-Side Template Injection</a>.
6761
</li>

0 commit comments

Comments
 (0)