electron-desktop-app
electron desktop app
Rules (10)

Detected `dangerouslySetInnerHTML` set from a non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if the value comes from user-provided input. If you have to use `dangerouslySetInnerHTML`, consider using a sanitization library such as DOMPurify to sanitize your HTML.

Detected dynamic execution of JavaScript that may come from user input, which can lead to cross-site scripting (XSS). Where possible, avoid including user input in functions that dynamically execute their arguments.

User-controlled data in a jQuery `.$METHOD(...)` call is an anti-pattern that can lead to XSS vulnerabilities.

User-controlled data in a `$(...)` call is an anti-pattern that can lead to XSS vulnerabilities.

Potential arbitrary code execution: whatever is provided to `toFastProperties` is sent straight to `eval()`.

Potential arbitrary code execution: data is piped to `eval()`.

User-controlled data in sinks such as `innerHTML`, `outerHTML` or `document.write` is an anti-pattern that can lead to XSS vulnerabilities.

User-controlled data assigned to `$EL.innerHTML` is an anti-pattern that can lead to XSS vulnerabilities.

Detected the use of `eval()`. `eval()` can be dangerous if used to evaluate dynamic content. If this content can be supplied from outside the program, this may be a code injection vulnerability. Ensure evaluated content is not definable by external sources.

User-controlled data in a `createNodesFromMarkup` call is an anti-pattern that can lead to XSS vulnerabilities.