minusworld.go-std-xss

Author: r2c
Download count: 3,676

Secure defaults for XSS in Go.

Rules (6)

Author: returntocorp

Semgrep could not determine that the argument to 'template.HTML()' is a constant. 'template.HTML()' and similar functions do not escape their contents. Be absolutely sure there is no user-controlled data in this template. If user data can reach this template, you may have an XSS vulnerability. Instead of using this function, use 'template.Execute()'.
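The difference the rule message describes, shown as an added example that is not part of the ruleset or the original page: one `html/template` template rendered with and without the `template.HTML()` conversion. The function names, the template and the sample input are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// page places one value into element content. html/template escapes
// that value for its context when Execute runs.
// (Hypothetical template, constructed for this example.)
var page = template.Must(template.New("page").Parse(`<p>Hello, {{.}}</p>`))

// renderFlagged is the pattern the rule reports: a non-constant string
// is converted to template.HTML, which marks it as trusted markup, so
// Execute writes it out verbatim.
func renderFlagged(name string) string {
	var buf bytes.Buffer
	if err := page.Execute(&buf, template.HTML(name)); err != nil {
		return ""
	}
	return buf.String()
}

// renderEscaped passes the plain string and lets Execute apply
// contextual escaping.
func renderEscaped(name string) string {
	var buf bytes.Buffer
	if err := page.Execute(&buf, name); err != nil {
		return ""
	}
	return buf.String()
}

func main() {
	input := `<script>alert(1)</script>` // constructed sample input
	fmt.Println("flagged:", renderFlagged(input))
	fmt.Println("escaped:", renderEscaped(input))
}
```
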