From 59712a466f6f12acf517cdea2c4fa876f0214124 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Wed, 5 Jul 2023 21:08:43 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- doc/development/secure_coding_guidelines.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc/development/secure_coding_guidelines.md') diff --git a/doc/development/secure_coding_guidelines.md b/doc/development/secure_coding_guidelines.md index c5e7a58af0d..8d6f36bb189 100644 --- a/doc/development/secure_coding_guidelines.md +++ b/doc/development/secure_coding_guidelines.md @@ -333,7 +333,7 @@ XSS issues are commonly classified in three categories, by their delivery method ### Impact -The injected client-side code is executed on the victim's browser in the context of their current session. This means the attacker could perform any same action the victim would normally be able to do through a browser. The attacker would also have the ability to: +The injected client-side code is executed on the victim's browser in the context of their current session. This means the attacker could perform any same action the victim would typically be able to do through a browser. The attacker would also have the ability to: - [log victim keystrokes](https://youtu.be/2VFavqfDS6w?t=1367) - launch a network scan from the victim's browser @@ -524,7 +524,7 @@ of these behaviors. The Ruby method [`Pathname.join`](https://ruby-doc.org/stdlib-2.7.4/libdoc/pathname/rdoc/Pathname.html#method-i-join) joins path names. Using methods in a specific way can result in a path name typically prohibited in -normal use. In the examples below, we see attempts to access `/etc/passwd`, which is a sensitive file: +typical use. In the examples below, we see attempts to access `/etc/passwd`, which is a sensitive file: ```ruby require 'pathname' -- cgit v1.2.3
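Review bot: the XSS "Impact" hunk (`@@ -333,7`) swaps "normally" for "typically" but leaves the ungrammatical phrase "perform any same action the victim would typically be able to do" in place, so the sentence still reads badly after the change. Since this line is being touched anyway, suggest rewriting it as "This means the attacker could perform any action the victim could typically perform through a browser." The rest of the hunk (the bullet list of further capabilities) is unchanged context and reads fine.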
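Review bot: the `Pathname.join` hunk (`@@ -524,7`) introduces a repetition: with "normal use" changed to "typical use", the sentence now reads "can result in a path name typically prohibited in typical use", because the preceding "typically" sits in unchanged context on the same line. Either drop the earlier adverb ("can result in a path name prohibited in typical use") or leave "normal use" here, since the word-swap adds nothing in this spot. While editing this sentence, "Using methods in a specific way" is also vague for a secure-coding guideline; naming the behaviour the following `/etc/passwd` examples rely on (joining an absolute component discards the components before it) would make the warning actionable.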