ajinabraham.njsscan.xss.xss_serialize_js.xss_serialize_javascript
Author: ajinabraham
Untrusted user input reaching serialize-javascript with unsafe attribute can cause Cross Site Scripting (XSS).
Definition
rules:
  - id: xss_serialize_javascript
    patterns:
      - pattern-inside: |
          $S = require('serialize-javascript')
          ...
      - pattern-not-inside: escape(...)
      - pattern-not-inside: encodeURI(...)
      - pattern: |
          $S(..., {unsafe: true})
    message: Untrusted user input reaching `serialize-javascript` with `unsafe`
      attribute can cause Cross Site Scripting (XSS).
    severity: WARNING
    languages:
      - javascript
    metadata:
      owasp-web: a1
      cwe: cwe-80
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other
Short Link: https://sg.run/0qOv
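
Why the rule flags `{unsafe: true}`, shown as an added example that is not part of the rule or of njsscan. `serializeUnsafe` and `serializeEscaped` are stand-ins built on `JSON.stringify` (the real package is not loaded, and the escaping shown is an assumption about its default mode); `renderPage`, `countScriptOpenTags` and the sample input are constructed for illustration.

```javascript
// Stand-in (assumption) for serialize(value, {unsafe: true}):
// the value is emitted as literal text with no HTML-safe escaping.
function serializeUnsafe(value) {
  return JSON.stringify(value);
}

// Stand-in (assumption) for the default mode: characters that are significant
// inside an inline <script> block are rewritten as \uXXXX escapes.
const HTML_UNSAFE = /[<>\/\u2028\u2029]/g;
function serializeEscaped(value) {
  return JSON.stringify(value).replace(HTML_UNSAFE, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0').toUpperCase());
}

// Hypothetical server-side template that embeds state in an inline script.
function renderPage(serializedState) {
  return '<script>window.__STATE__ = ' + serializedState + ';</script>';
}

// Counts the script elements an HTML parser would open in the fragment.
function countScriptOpenTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// The escaped text must still decode to exactly the original data.
function roundTrips(value) {
  return JSON.parse(serializeEscaped(value)).displayName === value.displayName;
}

// Constructed sample: a user-controlled field containing a closing script tag.
const state = {
  displayName: '</script><script>document.title="injected"</script>',
};

const unsafePage = renderPage(serializeUnsafe(state));
const safePage = renderPage(serializeEscaped(state));

console.log('unsafe output opens', countScriptOpenTags(unsafePage), 'script elements');
console.log('escaped output opens', countScriptOpenTags(safePage), 'script element');
console.log('escaped output round-trips:', roundTrips(state));
```

The rule itself is purely syntactic: it matches every `$S(..., {unsafe: true})` call that follows the `require`, whether or not the argument is user-controlled, so each finding still needs a check of where the serialized value comes from.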