ajinabraham.njsscan.xss_templates.handlebars_safestring

Download count: 1,129
Handlebars SafeString will not escape the data passed through it. Untrusted user input passing through SafeString can cause XSS.
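As an added example (not part of this rule page or the njsscan project), the helper shape the rule flags is shown beside its fixed form. A minimal stand-in for Handlebars' SafeString and escapeExpression is defined inline so the code runs without the handlebars package; it mirrors the library's documented behaviour but is not the library's own code.

```javascript
// Added example: minimal stand-in for the two Handlebars APIs involved, so
// this runs without the handlebars package. It mirrors the library's
// documented behaviour: SafeString marks a value as already-safe HTML, and
// escapeExpression encodes the characters Handlebars escapes by default.
const Handlebars = {
  SafeString: class SafeString {
    constructor(str) { this.string = str; }
    toString() { return String(this.string); }
    toHTML() { return String(this.string); }
  },
  escapeExpression(value) {
    if (value instanceof Handlebars.SafeString) return value.toHTML();
    const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
                  "'": '&#x27;', '`': '&#x60;', '=': '&#x3D;' };
    return String(value ?? '').replace(/[&<>"'`=]/g, ch => map[ch]);
  },
};

// What a {{expr}} template output produces for a value: plain values are
// escaped, but a SafeString passes through untouched.
function render(value) {
  return Handlebars.escapeExpression(value);
}

// Flagged by the rule: untrusted input is wrapped in SafeString, so the
// template trusts it and emits the raw markup.
function highlightVulnerable(userInput) {
  return new Handlebars.SafeString(`<mark>${userInput}</mark>`);
}

// Fix: escape the untrusted part first, then mark only the markup you
// built yourself as safe.
function highlightSafe(userInput) {
  const escaped = Handlebars.escapeExpression(userInput);
  return new Handlebars.SafeString(`<mark>${escaped}</mark>`);
}

// Constructed sample input: a value a user could submit in a form field.
const sample = '<script>alert(1)</script>';
console.log(render(highlightVulnerable(sample)));
console.log(render(highlightSafe(sample)));
```

Note that the rule's pattern matches the SafeString call in both helpers; confirming that the wrapped value was escaped first is the review step each finding needs.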
Definition
rules:
  - id: handlebars_safestring
    pattern-either:
      - pattern: $X.SafeString(...)
      - pattern: new Handlebars.SafeString(...)
    message: >-
      Handlebars SafeString will not escape the data passed through it.
      Untrusted user input passing through SafeString can cause XSS.
    languages:
      - javascript
    severity: ERROR
    metadata:
      owasp-web: a1
      cwe: cwe-79
      license: LGPL-3.0-or-later
Short Link: https://sg.run/rdbj