From 25fb1aabd2f01a2daf237feab5b5faa8c0b0dc7b Mon Sep 17 00:00:00 2001 From: Lindsay Simpkins Date: Mon, 9 Jun 2025 14:01:54 -0400 Subject: [PATCH] fix powershell qhelp files --- powershell/ql/src/experimental/UseOfReservedCmdletChar.qhelp | 2 +- .../ql/src/queries/security/cwe-078/CommandInjection.qhelp | 2 +- .../src/queries/security/cwe-078/DoNotuseInvokeExpression.qhelp | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/powershell/ql/src/experimental/UseOfReservedCmdletChar.qhelp b/powershell/ql/src/experimental/UseOfReservedCmdletChar.qhelp index 86cabe758176..a355d3c83434 100644 --- a/powershell/ql/src/experimental/UseOfReservedCmdletChar.qhelp +++ b/powershell/ql/src/experimental/UseOfReservedCmdletChar.qhelp @@ -6,7 +6,7 @@

You cannot use following reserved characters in a function or cmdlet name as these can cause parsing or runtime errors. -Reserved Characters include: #,(){}[]&/\\$^;:\"'<>|?@`*%+=~ +Reserved Characters include: #,(){}[]&/\\$^;:\"'<>|?@`*%+=~

diff --git a/powershell/ql/src/queries/security/cwe-078/CommandInjection.qhelp b/powershell/ql/src/queries/security/cwe-078/CommandInjection.qhelp index e89985142d97..bbdd6cf44bcc 100644 --- a/powershell/ql/src/queries/security/cwe-078/CommandInjection.qhelp +++ b/powershell/ql/src/queries/security/cwe-078/CommandInjection.qhelp @@ -4,7 +4,7 @@

Code that passes user input directly to -Invoke-Expression, &, or some other library +Invoke-Expression, &, or some other library routine that executes a command, allows the user to execute malicious code.

diff --git a/powershell/ql/src/queries/security/cwe-078/DoNotuseInvokeExpression.qhelp b/powershell/ql/src/queries/security/cwe-078/DoNotuseInvokeExpression.qhelp index cf7d1bbeb681..1209d21faa88 100644 --- a/powershell/ql/src/queries/security/cwe-078/DoNotuseInvokeExpression.qhelp +++ b/powershell/ql/src/queries/security/cwe-078/DoNotuseInvokeExpression.qhelp @@ -11,7 +11,7 @@

Avoid using Invoke-Expression in your powershell code.

-

If you’re running some command and the command path has spaces in it, then you need the command invocation operator &

+

If you’re running some command and the command path has spaces in it, then you need the command invocation operator &
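
Review bot: in the UseOfReservedCmdletChar.qhelp hunk, the reserved-character list still carries `\\` and `\"`, which look like escapes left over from a string literal. qhelp is XML, where a backslash is not an escape character, so readers will see two backslashes and a backslash followed by a quote. If the intended characters are a single backslash and a double quote, write them that way. The context line above it would also read better as "You cannot use the following reserved characters".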
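
Review bot: in the CommandInjection.qhelp hunk, the changed sentence has a comma between its subject and verb ("... that executes a command, allows the user ..."); since the line is being touched anyway, drop that comma. As shown here, the removed and added lines read the same, and the subject "fix powershell qhelp files" does not say what was broken, so the commit message should name the defect being fixed in each file.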
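
Review bot: in the DoNotuseInvokeExpression.qhelp hunk, the context line "Avoid using Invoke-Expression in your powershell code." should spell the product name "PowerShell", and the paragraph that follows ends at "the command invocation operator &" with no closing period. As far as this hunk shows, the text never says how `&` relates to the recommendation to avoid Invoke-Expression; one sentence stating that `&` covers the path-with-spaces case without Invoke-Expression would make the help actionable. The file name also mixes casing ("DoNotuse"), which is worth aligning with the other query names in a follow-up.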