diff --git a/csharp/ql/lib/change-notes/2024-12-12-add-markupstring-as-html-injection-sink.md b/csharp/ql/lib/change-notes/2024-12-12-add-markupstring-as-html-injection-sink.md new file mode 100644 index 000000000000..eb63db4e65e9 --- /dev/null +++ b/csharp/ql/lib/change-notes/2024-12-12-add-markupstring-as-html-injection-sink.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added the constructor of `Microsoft.AspNetCore.Components.MarkupString` as an `html-injection` sink. This will help catch cross-site scripting resulting from using `MarkupString`.
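Review bot: The `+* Added the constructor of ...` line names only the constructor as the `html-injection` sink, but a `MarkupString` can also be produced through its explicit conversion from `string`, as in `(MarkupString)value`, a form Blazor components commonly use. If the model covers that conversion, say so in the note. If it does not, either model it as well or state that only constructor calls are covered, so readers do not assume casts are flagged. This file carries only the change note, so check that the sink definition and a test exercising it are part of the same change.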