html.correctness.https-equiv.https-equiv

profile photo of semgrepsemgrep
Author
unknown
Download Count*
LGPL Commons Clause
License

The correct attribute name for this meta tag is http-equiv, not https-equiv.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: https-equiv
    metadata:
      category: correctness
      technology:
        - html
      references:
        - https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta#http-equiv
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    message: The correct attribute name for this meta tag is `http-equiv`, not
      `https-equiv`.
    severity: ERROR
    languages:
      - html
    pattern-either:
      - pattern: <meta ... https-equiv=...>
    fix-regex:
      regex: https-equiv=
      replacement: http-equiv=

Examples

https-equiv.html

<!DOCTYPE html>
<html lang="en-us">
  <head>
    <meta charset="utf-8" />
    <!-- ok: https-equiv -->
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />

    <!-- ruleid: https-equiv -->
    <meta https-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />

    <!-- ruleid: https-equiv -->
    <meta https-equiv="X-UA-Compatible" content="no closing tag">

    <!-- ruleid: https-equiv -->
    <meta https-equiv='X-UA-Compatible' content='single brackets'>

    <!-- ruleid: https-equiv -->
    <meta https-equiv=X-UA-Compatible content=nobrackets>

    <!-- ruleid: https-equiv -->
    <meta content="backwards" https-equiv="X-UA-Compatible">

    <!-- ok: https-equiv -->
    <meta rel="stylesheet" href="https-equiv" />

    <title>https-equiv test</title>
  </head>
</html>