ajinabraham.njsscan.xss_mustache_escape.xss_disable_mustache_escape

Download count: 1,129
Markup escaping is disabled. With some template engines, this setting turns off HTML-entity escaping of rendered values, which can lead to XSS attacks.
Definition
rules:
  - id: xss_disable_mustache_escape
    pattern: $OBJ.escapeMarkup = false
    severity: WARNING
    languages:
      - javascript
    metadata:
      cwe: cwe-116
      owasp-web: a7
      license: LGPL-3.0-or-later
    message: Markup escaping disabled. This can be used with some template engines
      to escape disabling of HTML entities, which can lead to XSS attacks.
Short Link: https://sg.run/1ZNl
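As an added illustration, not code from the njsscan rule or from any real template engine: a hypothetical Mustache-style renderer whose `escapeMarkup` option mirrors the flagged setting, showing what the rule's `$OBJ.escapeMarkup = false` match means for rendered output, plus a rough textual check that approximates the pattern. The names `renderTemplate`, `escapeHtml` and `findDisabledEscaping` are assumptions for this example.

```javascript
// Added example (not part of the njsscan rule or any real template library).
// A minimal, hypothetical Mustache-style renderer with an `escapeMarkup`
// option, plus a tiny source check mirroring `$OBJ.escapeMarkup = false`.

// Escape the five characters that matter in HTML text and attribute contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Substitute {{key}} placeholders from `data`. Escaping is on by default;
// when `escapeMarkup` is false (what the rule warns about), values are
// interpolated verbatim into the markup.
function renderTemplate(template, data, options = { escapeMarkup: true }) {
  const escape = options.escapeMarkup !== false;
  return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (_, key) => {
    const value = data[key] === undefined ? '' : data[key];
    return escape ? escapeHtml(value) : String(value);
  });
}

// Rough textual stand-in for the Semgrep pattern: return the lines in
// `source` that assign `false` to an `escapeMarkup` property. A comparison
// such as `=== false` is deliberately not matched, like the original pattern.
function findDisabledEscaping(source) {
  return source.split('\n')
    .map((line, i) => ({ line: i + 1, text: line.trim() }))
    .filter(({ text }) => /\b\w+(\.\w+)*\.escapeMarkup\s*=\s*false\b/.test(text));
}

// Constructed demo input: markup that is inert once escaped.
const untrusted = '<script>alert(1)</script>';
const safe = renderTemplate('<p>{{name}}</p>', { name: untrusted });
const unsafe = renderTemplate('<p>{{name}}</p>', { name: untrusted }, { escapeMarkup: false });

// Constructed source snippet; only line 2 should be reported.
const sampleSource = [
  'const view = createView(template);',
  'view.escapeMarkup = false;',
  'view.escapeMarkup = true;',
].join('\n');

console.log('escaped  :', safe);
console.log('unescaped:', unsafe);
console.log('flagged lines:', findDisabledEscaping(sampleSource).map((f) => f.line));
```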