ruby/ql/src/experimental/cwe-176
1616 <example >
1717
1818 <p > The following example showcases the bypass of all checks performed by <code >
19- flask.escape ()</code > due to a post-unicode normalization.</p >
20- <p >For instance: the character U+FE64 (<code >﹤</code >) is not filtered-out by the flask
21- escape function. But due to the Unicode normalization, the character is transformed and
22- would become U+003C (<code > < </code > ).</p >
19+ html_escape ()</code > due to a post-unicode normalization.</p >
20+ <p >For instance: the character U+FE64 (<code >﹤</code >) is not filtered-out by the
21+ html_escape() function. But due to the Unicode normalization, the character is
22+ transformed and would become U+003C (<code > < </code > ).</p >
2323
2424 <sample src =" ./examples/unicode_normalization.rb" />
2525
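Review bot: the replacement lines at 19+ and 21+ name a bare `html_escape()`, which leaves the reader guessing which Ruby API is meant; since this is the Ruby port of the query, qualify it as `ERB::Util.html_escape` (the `h` helper in Rails views) so the example maps onto a real call. The retained wording "the bypass of all checks performed by `html_escape()`" also overstates what that method does: it does not check anything, it replaces `&`, `<`, `>`, `"` and `'` with entities, so "the bypass of the escaping performed by `html_escape()`" is more accurate. "Due to a post-unicode normalization" reads awkwardly; "because Unicode normalization is applied after escaping" states the ordering that actually matters, and it would help to say that the mapping from U+FE64 to U+003C happens only under NFKC or NFKD (a compatibility decomposition), since NFC and NFD leave U+FE64 unchanged and a reader might otherwise assume any normalization form triggers the bypass. Minor: "filtered-out" does not need the hyphen.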