r2c

Secure defaults for XSS in Go.

Rules (6)

returntocorp

Semgrep could not determine that the argument to 'template.HTML()' is a constant. 'template.HTML()' and similar functions do not escape their contents. Be absolutely sure there is no user-controlled data in this template. If user data can reach this template, you may have an XSS vulnerability. Instead of using this function, use 'template.Execute()'.
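
The difference the rule message describes, as an added example that is not part of the ruleset or of Semgrep's own code. The function names, the template text and the sample input are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"html/template"
	"strings"
)

// Constructed sample standing in for user-controlled input.
const untrusted = `<script>alert(1)</script>`

// page is parsed from a constant string; html/template escapes {{.}}
// according to the HTML context it appears in.
var page = template.Must(template.New("page").Parse(`<p>Hello, {{.}}</p>`))

// render executes the template and returns the generated markup.
func render(data interface{}) string {
	var b strings.Builder
	if err := page.Execute(&b, data); err != nil {
		return "error: " + err.Error()
	}
	return b.String()
}

// renderFlagged is the pattern the rule reports: a non-constant string is
// converted to template.HTML, which marks it as trusted markup, so Execute
// writes it out without escaping.
func renderFlagged(name string) string { return render(template.HTML(name)) }

// renderEscaped passes the value as a plain string and lets Execute apply
// contextual escaping.
func renderEscaped(name string) string { return render(name) }

// renderConstant converts a string literal; the argument is a constant, so
// no user data can reach it.
func renderConstant() string { return render(template.HTML("<b>team</b>")) }

func main() {
	fmt.Println("template.HTML(input):", renderFlagged(untrusted))
	fmt.Println("plain string:        ", renderEscaped(untrusted))
	fmt.Println("template.HTML(const):", renderConstant())
}
```
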