diff --git a/go/ql/src/Security/CWE-117/LogInjectionGood.go b/go/ql/src/Security/CWE-117/LogInjectionGood.go
index a43fa04bbbd3..74bc5e75b2df 100644
--- a/go/ql/src/Security/CWE-117/LogInjectionGood.go
+++ b/go/ql/src/Security/CWE-117/LogInjectionGood.go
@@ -9,7 +9,7 @@ import (
 // GOOD: The user-provided value is escaped before being written to the log.
 func handlerGood(req *http.Request) {
 	username := req.URL.Query()["username"][0]
-	escapedUsername := strings.ReplaceAll(username, "\n", "", -1)
-	escapedUsername = strings.ReplaceAll(escapedUsername, "\r", "", -1)
+	escapedUsername := strings.ReplaceAll(username, "\n", "")
+	escapedUsername = strings.ReplaceAll(escapedUsername, "\r", "")
 	log.Printf("user %s logged in.\n", escapedUsername)
 }