Python: Fix qhelp for NoSQL injection

RasmusWL · RasmusWL · commit 59711424bd88 · 2021-06-28T11:48:28.000+02:00
diff --git a/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.qhelp b/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.qhelp
@@ -20,14 +20,14 @@
   NoSQL injections can be prevented by escaping user-input's special characters that are passed into the NoSQL query from the user-supplied source.
   Alternatively, using a sanitize library such as MongoSanitizer will ensure that user-supplied sources can not act as a malicious query.
   </p>
-<recommendation>
+</recommendation>
 
 <example>
   <p>In the example below, the user-supplied source is passed to a MongoDB function that queries the MongoDB database.</p>
   <sample src="examples/NoSQLInjection-bad.py" />
   <p> This can be fixed by using a sanitizer library like MongoSanitizer as shown in this annotated code version below.</p>
   <sample src="examples/NoSQLInjection-good.py" />
-<example>
+</example>
 
 <references>
   <li>Mongoengine: <a href="http://mongoengine.org/">Documentation</a>.</li>
