gitlab.eslint.detect-disable-mustache-escape
Markup escaping disabled. Some template engines use this setting to turn off escaping of HTML entities, which can lead to XSS attacks.
Definition
rules:
- id: eslint.detect-disable-mustache-escape
  metadata:
    cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation (XSS)"
    owasp: "A7: Cross-Site Scripting XSS"
    source-rule-url: https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-disable-mustache-escape.js
    primary_identifier: eslint.detect-disable-mustache-escape
    secondary_identifiers:
    - name: ESLint rule ID security/detect-disable-mustache-escape
      type: eslint_rule_id
      value: security/detect-disable-mustache-escape
    license: MIT
  message: >
    Markup escaping disabled. This can be used with some template engines to
    escape
    disabling of HTML entities, which can lead to XSS attacks.
  pattern: $OBJ.escapeMarkup = false
  severity: WARNING
  languages:
  - javascript
  - typescript
Short Link: https://sg.run/Jjjo
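
The pattern `$OBJ.escapeMarkup = false` matches any assignment of `false` to an `escapeMarkup` property. The following is an added illustration, not part of the rule or of any real template engine's API: a hypothetical minimal engine (`createEngine`) rendering a constructed untrusted value, once with the default and once with the assignment the rule flags.

```javascript
// Hypothetical minimal template engine, constructed for this example only.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace the five HTML-significant characters with their entities.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

function createEngine() {
  return {
    escapeMarkup: true, // safe default: interpolated values are entity-escaped
    render(template, data) {
      // Substitute each {{ key }} placeholder with the matching data value.
      return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (_, key) => {
        const raw = Object.prototype.hasOwnProperty.call(data, key) ? data[key] : '';
        return this.escapeMarkup ? escapeHtml(raw) : String(raw);
      });
    },
  };
}

// Constructed sample input standing in for user-controlled data.
const TEMPLATE = '<p>Hello {{ name }}</p>';
const UNTRUSTED = { name: '<script>alert(1)</script>' };

// Default configuration: the rule does not match anything here.
function renderSafe() {
  const engine = createEngine();
  return engine.render(TEMPLATE, UNTRUSTED);
}

// The assignment below is exactly what the rule reports.
function renderFlagged() {
  const engine = createEngine();
  engine.escapeMarkup = false; // matched by: $OBJ.escapeMarkup = false
  return engine.render(TEMPLATE, UNTRUSTED);
}

console.log('escaped  :', renderSafe());
console.log('unescaped:', renderFlagged());
```

With escaping left on, the value reaches the page as inert text; with the flagged assignment, the markup is emitted verbatim into the HTML.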