ajinabraham.njsscan.xss.xss_templates.squirrelly_autoescape

Author: ajinabraham

Squirrelly's `autoEscaping(false)` turns off HTML auto-escaping for every template rendered through that instance, so untrusted user input interpolated into a template is emitted as raw markup and can cause XSS.

Definition

rules:
  - id: squirrelly_autoescape
    pattern: $X.autoEscaping(false)
    message: Squirrelly autoEscaping(false) disables HTML auto-escaping for templates.
      Untrusted user input rendered through such templates can cause XSS.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a1
      cwe: cwe-79
      license: LGPL-3.0-or-later
      vulnerability_class:
        - Other
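An added example, not code from njsscan or Squirrelly: a stand-in template renderer that shows what disabling auto-escaping does to untrusted input, plus a regex check that mirrors the rule's `$X.autoEscaping(false)` pattern over constructed source lines. The `Sqrl.autoEscaping(false)` call in the sample source follows Squirrelly's v7 API; the `{{it.key}}` renderer is an assumed, simplified imitation of the library, not its real implementation.

```javascript
// Added example (not part of njsscan or Squirrelly). renderTemplate() imitates
// Squirrelly's {{it.x}} interpolation with auto-escaping on or off;
// findAutoEscapingDisabled() mirrors the rule's pattern as a plain regex.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML-escape the five characters that matter in text and attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Minimal {{it.key}} interpolation (assumed stand-in for Squirrelly).
// `autoEscape` plays the role of the library's autoEscaping(true/false) switch.
function renderTemplate(template, data, autoEscape = true) {
  return template.replace(/\{\{\s*it\.(\w+)\s*\}\}/g, (_m, key) => {
    const raw = data[key] === undefined ? '' : data[key];
    return autoEscape ? escapeHtml(raw) : String(raw);
  });
}

// Detection: report source lines that disable auto-escaping globally, the same
// shape the Semgrep pattern above matches (receiver.autoEscaping(false)).
function findAutoEscapingDisabled(source) {
  const hits = [];
  source.split('\n').forEach((line, i) => {
    if (/\b\w+\s*\.\s*autoEscaping\s*\(\s*false\s*\)/.test(line)) {
      hits.push({ line: i + 1, text: line.trim() });
    }
  });
  return hits;
}

// Constructed sample input: an untrusted value that is markup, not text.
const untrusted = { name: '<script>alert(1)</script>' };
const tpl = '<p>Hello {{it.name}}</p>';

// Constructed sample source, the shape of code the rule is meant to flag.
const CONSTRUCTED_SOURCE = [
  "const Sqrl = require('squirrelly');",
  "Sqrl.autoEscaping(false); // every template now emits raw values",
  "app.get('/', (req, res) => res.send(Sqrl.Render(tpl, { name: req.query.name })));",
].join('\n');

console.log(renderTemplate(tpl, untrusted));        // escaped: rendered as text
console.log(renderTemplate(tpl, untrusted, false)); // raw: script reaches the browser
console.log(findAutoEscapingDisabled(CONSTRUCTED_SOURCE)); // [{ line: 2, ... }]
```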