typescript

Verifed by r2c
Community Favorite
profile photo of r2cr2c
Author
12,518
Download Count*

Default ruleset for TypeScript, by r2c

Run Locally

Tags

Rules (24)

profile photo of returntocorpreturntocorp

Detected use of the 'none' algorithm in a JWT token. The 'none' algorithm assumes the integrity of the token has already been verified. This would allow a malicious actor to forge a JWT token that will automatically be verified. Do not explicitly use the 'none' algorithm. Instead, use an algorithm such as 'HS256'.

profile photo of returntocorpreturntocorp

Detected use of the 'none' algorithm in a JWT token. The 'none' algorithm assumes the integrity of the token has already been verified. This would allow a malicious actor to forge a JWT token that will automatically be verified. Do not explicitly use the 'none' algorithm. Instead, use an algorithm such as 'HS256'.

profile photo of returntocorpreturntocorp

This HTML element '$EL' and attribute '$ATTR' together may load an external resource. This means that if dynamic content can enter this attribute it may be possible for an attacker to send HTTP requests to unintended locations which may leak data about your users. If this element is reaching out to a known host, consider hardcoding the host (or loading from a configuration) and appending the dynamic path. See https://github.com/cure53/HTTPLeaks for more information.