electron-desktop-app

typescript.react.security.audit.react-dangerouslysetinnerhtml.react-dangerouslysetinnerhtml

semgrep

Detection of dangerouslySetInnerHTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML.

javascript.lang.security.detect-eval-with-expression.detect-eval-with-expression

semgrep

Detected use of dynamic execution of JavaScript which may come from user-input, which can lead to Cross-Site-Scripting (XSS). Where possible avoid including user-input in functions which dynamically execute user-input.

semgrep

User controlled data in a jQuery's `.$METHOD(...)` is an anti-pattern that can lead to XSS vulnerabilities

semgrep

User controlled data in a `$(...)` is an anti-pattern that can lead to XSS vulnerabilities

semgrep

Potential arbitrary code execution, whatever is provided to `toFastProperties` is sent straight to eval()

semgrep

Potential arbitrary code execution, piped to eval

semgrep

User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern that can lead to XSS vulnerabilities

semgrep

User controlled data in a `$EL.innerHTML` is an anti-pattern that can lead to XSS vulnerabilities

semgrep

Detected the use of eval(). eval() can be dangerous if used to evaluate dynamic content. If this content can be input from outside the program, this may be a code injection vulnerability. Ensure evaluated content is not definable by external sources.

semgrep

User controlled data in a `createNodesFromMarkup` is an anti-pattern that can lead to XSS vulnerabilities