gitlab.gosec.G203-1


Use of unescaped data in HTML templates


Definition

# Semgrep rule for Go that corresponds to gosec rule G203 (see
# secondary_identifiers below). It reports every conversion of a non-literal
# value to one of html/template's typed-string wrappers. html/template treats
# values of these types as already safe for their context and emits them
# without contextual auto-escaping, so attacker-influenced data wrapped this
# way can reach the page unescaped (cross-site scripting, CWE-79).
#
# Triage notes:
#   - The rule is purely syntactic: it does not trace where $IN comes from, so
#     named constants, concatenations and values sanitized earlier in the flow
#     are reported as well. Confirm the origin of the value before dismissing
#     or fixing a finding.
#   - Preferred fix: pass the value to the template as an ordinary string and
#     let html/template escape it. If markup really must be rendered, run it
#     through an allow-list HTML sanitizer before the conversion.
#   - NOTE(review): the patterns match the package name `template` textually;
#     this presumably assumes the import is html/template under its default
#     name - confirm how Semgrep resolves aliased imports for this rule.
#   - NOTE(review): html/template also defines CSS, JSStr and Srcset wrapper
#     types with the same escaping bypass; this rule does not match them.
rules:
  - id: gosec.G203-1
    patterns:
      # One alternative per wrapper type. Each alternative matches a call with
      # any argument ($IN) and then uses pattern-not to drop calls whose
      # argument is a string literal ("..." matches any literal string),
      # because a hard-coded literal cannot carry request data.
      - pattern-either:
          # Marks the value as a trusted HTML fragment.
          - patterns:
              - pattern: template.HTML($IN)
              - pattern-not: template.HTML("...")
          # Marks the value as a trusted JavaScript expression.
          - patterns:
              - pattern: template.JS($IN)
              - pattern-not: template.JS("...")
          # Marks the value as a trusted URL or URL substring.
          - patterns:
              - pattern: template.URL($IN)
              - pattern-not: template.URL("...")
          # Marks the value as a trusted HTML attribute (name="value" pair).
          - patterns:
              - pattern: template.HTMLAttr($IN)
              - pattern-not: template.HTMLAttr("...")
    # Text shown with each finding. It names the issue only and carries no
    # remediation guidance; see the triage notes at the top of this rule.
    message: |
      Use of unescaped data in HTML templates
    metadata:
      cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation"
      primary_identifier: gosec.G203-1
      # Links the finding back to the gosec rule ID G203.
      secondary_identifiers:
        - name: Gosec Rule ID G203
          type: gosec_rule_id
          value: G203
      license: MIT
    severity: WARNING
    languages:
      - go