#html

Rulesets (1)

minusworld.go-std-xss

r2c

Secure defaults for XSS in Go.

Rules (4)

html.security.plaintext-http-link.plaintext-http-link

returntocorp

html

This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible.

No author info

html

Insufficient permissions to view rule definition Upgrade to Semgrep Team tier to see this Pro rule. Visit https://semgrep.dev/pricing to learn how to upgrade.

html.security.audit.eval-detected.eval-detected

returntocorp

html

Detected the use of eval(...). This can introduce a Cross-Site-Scripting (XSS) vulnerability if this comes from user-provided input. Follow OWASP best practices to ensure you handle XSS within a JavaScript context correct, and consider using safer APIs to evaluate user-input such as JSON.parse(...).

html.security.audit.insecure-document-method.insecure-document-method

returntocorp

html

Detected the use of an inner/outerHTML assignment. This can introduce a Cross-Site-Scripting (XSS) vulnerability if this comes from user-provided input. If you have to use a dangerous web API, consider using a sanitization library such as DOMPurify to sanitize the HTML before it is assigned.