44<qhelp >
55
66<overview >
7- <p >Directly writing user input (for example, an HTTP request parameter) to a web
8- page, without properly sanitizing the input first, allows for a cross-site
7+ <p >Directly writing user input (for example, an HTTP request parameter) to a webpage,
8+ without properly sanitizing the input first, allows for a cross-site
99scripting vulnerability.</p >
1010</overview >
1111
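Review bot: In the overview sentence at new lines 7-8, "without properly sanitizing the input first" does not match the fix this help file recommends further down, which is to HTML-encode the input before it is included in the response. Suggest "without properly encoding the input first" so the overview and the recommendation name the same control. The "web page" to "webpage" change is fine on its own.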
@@ -23,9 +23,9 @@ scripting:</p>
2323<sample src =" XSSBad.rs" />
2424
2525<p >To fix this vulnerability, the user input should be HTML-encoded before being
26- included in the response. In the following example <code >encode_text</code > from
26+ included in the response. In the following example, <code >encode_text</code > from
2727the <a href =" https://docs.rs/html-escape/latest/html_escape/index.html" >html_escape</a >
28- crate is used:</p >
28+ crate is used to achieve this :</p >
2929
3030<sample src =" XSSGood.rs" />
3131
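Review bot: The recommendation at new lines 25-28 names encode_text but does not say which output context it is meant for. Since the paragraph is being reworded anyway, suggest stating that the example encodes user input placed in HTML text content, and that input written into another context, such as an attribute value, needs an encoder suited to that context. The added "to achieve this" could then be replaced by the more specific "to encode the input before it is written to the response".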
@@ -34,15 +34,15 @@ crate is used:</p>
3434<references >
3535<li >
3636 OWASP:
37- <a href =" https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html" >XSS
38- ( Cross Site Scripting) Prevention Cheat Sheet</a >.
37+ <a href =" https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html" >
38+ Cross Site Scripting Prevention Cheat Sheet</a >.
3939</li >
4040<li >
4141 Wikipedia: <a href =" https://en.wikipedia.org/wiki/Cross-site_scripting" >Cross-site scripting</a >.
4242</li >
4343<li >
4444 OWASP:
45- <a href =" https://owasp.org/www-community/attacks/xss/" >Cross-site Scripting (XSS)</a >.
45+ <a href =" https://owasp.org/www-community/attacks/xss/" >Cross Site Scripting (XSS)</a >.
4646</li >
4747</references >
4848</qhelp >
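Review bot: New line 45 changes the link text to "Cross Site Scripting (XSS)", while the overview uses "cross-site" and the Wikipedia entry at line 41 uses "Cross-site scripting", so the file now spells the term two ways. Suggest keeping the hyphenated form in the help text, or confirming that the unhyphenated form is intended only because it mirrors the titles of the linked OWASP pages. At new lines 37-38, the link text now starts on the line after the opening tag, which puts a line break and indentation inside the anchor; suggest keeping the title on the same line as the closing ">" of the opening tag, as the other two references do.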