ajinabraham.njsscan.xss.xss_templates.squirrelly_autoescape
ajinabraham
Author
Handlebars SafeString will not escape the data passed through it. Untrusted user input passing through SafeString can cause XSS.
Definition
rules:
  - id: squirrelly_autoescape
    pattern: $X.autoEscaping(false)
    message: Handlebars SafeString will not escape the data passed through it.
      Untrusted user input passing through SafeString can cause XSS.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a1
      cwe: cwe-79
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other
Short Link: https://sg.run/lA6y