Apply suggestions from code review

owen-mc · smowton · web-flow · commit c933ab4ae225 · 2025-05-12T16:24:56.000-04:00
Co-authored-by: Chris Smowton &lt;smowton@github.com&gt;
diff --git a/go/ql/src/Security/CWE-079/HtmlTemplateEscapingBypassXss.ql b/go/ql/src/Security/CWE-079/HtmlTemplateEscapingBypassXss.ql
@@ -1,5 +1,5 @@
 /**
- * @name HTML template escaping bypass cross-site scripting
+ * @name Cross-site scripting via HTML template escaping bypass
  * @description Converting user input to a special type that avoids escaping
  *              when fed into an HTML template allows for a cross-site
  *              scripting vulnerability.
diff --git a/go/ql/src/change-notes/2025-05-01-html-template-escaping-bypass-xss.md b/go/ql/src/change-notes/2025-05-01-html-template-escaping-bypass-xss.md
@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* A new query (`go/html-template-escaping-bypass-xss`) has been promoted to the main query suite. This query finds potential cross-site scripting (XSS) vulnerabilities when using the `html/template` package, caused by user input being cast to a type which bypasses the HTML autoescaping. It was originally contributed to the experimental query pack by @gagliardetto in <https://github.com/github/codeql-go/pull/493>.
+* Query (`go/html-template-escaping-bypass-xss`) has been promoted to the main query suite. This query finds potential cross-site scripting (XSS) vulnerabilities when using the `html/template` package, caused by user input being cast to a type which bypasses the HTML autoescaping. It was originally contributed to the experimental query pack by @gagliardetto in <https://github.com/github/codeql-go/pull/493>.
