ajinabraham.njsscan.xss.xss_mustache_escape.xss_disable_mustache_escape

Author: ajinabraham
License: LGPL-3.0-or-later

Markup escaping disabled. With some template engines, setting this flag to false turns off HTML-entity escaping of interpolated values, so attacker-controlled data is inserted into the page as markup, which can lead to XSS attacks.

Definition

rules:
  - id: xss_disable_mustache_escape
    pattern: $OBJ.escapeMarkup = false
    severity: WARNING
    languages:
      - javascript
    metadata:
      cwe: cwe-116
      owasp-web: a7
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other
    message: Markup escaping disabled. With some template engines, setting this
      flag to false turns off HTML-entity escaping of interpolated values, which
      can lead to XSS attacks.
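The following is an added illustration of what the rule's pattern `$OBJ.escapeMarkup = false` is looking for and why it matters; it is not code from njsscan or from any template engine. The `makeRenderer()` object is a hypothetical, minimal template renderer written for this example whose only point of contact with the rule is an `escapeMarkup` flag; the `findDisabledEscaping()` function is a regex approximation of the Semgrep pattern for a quick grep-style check, and the source sample it scans is constructed.

```javascript
// Escape the five characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[ch]);
}

// Hypothetical template renderer (example only, not a real engine's API):
// replaces {{name}} placeholders with values from `ctx`. When `escapeMarkup`
// is true (the default) every interpolated value is entity-escaped.
function makeRenderer() {
  return {
    escapeMarkup: true,
    render(template, ctx) {
      return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (_, key) => {
        const raw = key in ctx ? ctx[key] : '';
        return this.escapeMarkup ? escapeHtml(raw) : String(raw);
      });
    },
  };
}

// Constructed attacker-controlled input, e.g. a display name taken from a form.
const PAYLOAD = '<img src=x onerror="alert(1)">';
const TEMPLATE = '<p>Hello, {{name}}!</p>';

// Safe configuration: escaping stays on and the payload renders as inert text.
function renderSafe() {
  const tpl = makeRenderer();
  return tpl.render(TEMPLATE, { name: PAYLOAD });
}

// Flagged configuration: this assignment is exactly what the Semgrep pattern
// `$OBJ.escapeMarkup = false` matches. The payload now reaches the DOM as markup.
function renderUnsafe() {
  const tpl = makeRenderer();
  tpl.escapeMarkup = false; // njsscan: xss_disable_mustache_escape
  return tpl.render(TEMPLATE, { name: PAYLOAD });
}

// Regex approximation of the rule for a quick check without running Semgrep.
// Semgrep matches on the AST; this only catches the literal
// `<expr>.escapeMarkup = false` shape (any whitespace, optional semicolon)
// and, unlike Semgrep, would also fire inside a comment containing that text.
const DISABLE_ESCAPE_RE = /\.escapeMarkup\s*=\s*false\b/;

function findDisabledEscaping(source) {
  return source
    .split('\n')
    .map((text, i) => ({ line: i + 1, text: text.trim() }))
    .filter(({ text }) => DISABLE_ESCAPE_RE.test(text));
}

// Constructed source sample to scan: lines 2 and 3 should be reported,
// the comparison on line 5 (`=== false`) is not an assignment and is not.
const SAMPLE_SOURCE = [
  'const tpl = makeRenderer();',
  'tpl.escapeMarkup = false;',
  'app.locals.view.escapeMarkup=false',
  'tpl.escapeMarkup = true;',
  'if (tpl.escapeMarkup === false) { /* ... */ }',
].join('\n');
```

`renderSafe()` returns the payload with `<`, `>` and `"` encoded, while `renderUnsafe()` returns it verbatim inside the `<p>`, which is the condition the rule warns about. The fix is simply not to flip the flag globally; if a single value legitimately needs to be emitted as HTML, sanitize that value with an allow-list HTML sanitizer at the point of use rather than disabling escaping for the whole renderer.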