gitlab.bandit.B702
Mako templates do not provide a global HTML escaping mechanism. This means you must escape all sensitive data in your templates using '| u' for URL escaping or '| h' for HTML escaping. If you are using Mako to serve web content, consider using a system such as Jinja2 which enables global escaping.
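The rule's pattern simply matches every `mako.template.Template(...)` call, because a static check cannot tell from the constructor alone whether the template body escapes its expressions. The following is an added example, not code from the Semgrep or Bandit projects: a small stdlib-only scanner that reproduces the B702 match over constructed Python source, and goes one step beyond the rule by noting whether the call passes Mako's `default_filters` keyword with the `h` filter, which is the Mako option that applies HTML escaping to every `${...}` expression. The sample source, the `scan` function and the `Finding` class are all constructed here for illustration.

```python
"""Stdlib-only check mirroring the B702 pattern (added example, not Bandit's code).

Finds calls that resolve to mako.template.Template(...) through any of the
usual import forms and reports each one, together with whether the call sets
default_filters=[..., "h", ...] (Mako's per-template global HTML escaping).
"""
from __future__ import annotations

import ast
from dataclasses import dataclass


@dataclass
class Finding:
    line: int              # line of the Template(...) call in the scanned source
    has_html_default: bool # True when default_filters includes the "h" filter


def _dotted(node: ast.AST) -> str | None:
    """Turn a Name/Attribute chain into 'a.b.c'; None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _has_html_default(call: ast.Call) -> bool:
    """Does the call pass default_filters as a literal list/tuple containing "h"?"""
    for kw in call.keywords:
        if kw.arg == "default_filters" and isinstance(kw.value, (ast.List, ast.Tuple)):
            return any(isinstance(e, ast.Constant) and e.value == "h" for e in kw.value.elts)
    return False


class _Scanner(ast.NodeVisitor):
    TARGET = "mako.template.Template"

    def __init__(self) -> None:
        self.aliases: dict[str, str] = {}  # local name -> fully qualified name
        self.findings: list[Finding] = []

    def visit_Import(self, node: ast.Import) -> None:
        for a in node.names:
            if a.asname:                      # import mako.template as mt
                self.aliases[a.asname] = a.name
            else:                             # import mako.template  -> binds "mako"
                top = a.name.split(".")[0]
                self.aliases[top] = top
        self.generic_visit(node)

    def visit_ImportFrom(self, node: ast.ImportFrom) -> None:
        if node.module:                       # from mako.template import Template
            for a in node.names:
                self.aliases[a.asname or a.name] = f"{node.module}.{a.name}"
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        name = _dotted(node.func)
        if name:
            head, _, rest = name.partition(".")
            resolved = self.aliases.get(head, head) + (f".{rest}" if rest else "")
            if resolved == self.TARGET:
                self.findings.append(Finding(node.lineno, _has_html_default(node)))
        self.generic_visit(node)


def scan(source: str) -> list[Finding]:
    """Return one Finding per mako.template.Template(...) call in `source`."""
    scanner = _Scanner()
    scanner.visit(ast.parse(source))
    return scanner.findings


# Constructed sample input: three Mako constructions and one Jinja2 environment.
SAMPLE = '''
from mako.template import Template
import mako.template as mt
import jinja2

unsafe = Template("<p>${name}</p>")                      # no escaping at all
manual = Template("<p>${name | h}</p>")                  # escaped by hand, still flagged
safer = mt.Template("<p>${name}</p>", default_filters=["h"])
env = jinja2.Environment(autoescape=True)                # not Mako, not flagged
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        status = "default_filters includes h" if f.has_html_default else "no global escaping"
        print(f"line {f.line}: mako.template.Template(...) [{status}]")
```

The second finding is the instructive one: the template body does escape `name` with `| h`, yet the call is still reported, because the filter lives inside a string the AST check does not parse. That is why B702 is an INFO-level finding to be triaged against the template source, and why the paragraph above recommends a global mechanism (Mako's `default_filters` or Jinja2's autoescape) rather than relying on per-expression filters.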
Definition
rules:
  - id: bandit.B702
    pattern: mako.template.Template(...)
    message: |
      Mako templates do not provide a global HTML escaping mechanism.
      This means you must escape all sensitive data in your templates
      using '| u' for URL escaping or '| h' for HTML escaping.
      If you are using Mako to serve web content, consider using
      a system such as Jinja2 which enables global escaping.
    metadata:
      cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation
        ('Cross-site Scripting')"
      owasp: "A7: Cross-Site Scripting (XSS)"
      primary_identifier: bandit.B702
      secondary_identifiers:
        - name: Bandit Test ID B702
          type: bandit_test_id
          value: B702
      license: MIT
    severity: INFO
    languages:
      - python
Short Link: https://sg.run/K887