#html

Rulesets (1)

minusworld.go-std-xss

r2c

semgrep
security
go
xss
html

Secure defaults for XSS in Go.

Rules (3)

html.security.audit.eval-detected.eval-detected

semgrep

html

Detected the use of eval(...). This can introduce a Cross-Site-Scripting (XSS) vulnerability if this comes from user-provided input. Follow OWASP best practices to ensure you handle XSS within a JavaScript context correct, and consider using safer APIs to evaluate user-input such as JSON.parse(...).

html.security.audit.insecure-document-method.insecure-document-method

semgrep

html

Detected the use of an inner/outerHTML assignment. This can introduce a Cross-Site-Scripting (XSS) vulnerability if this comes from user-provided input. If you have to use a dangerous web API, consider using a sanitization library such as DOMPurify to sanitize the HTML before it is assigned.

html.security.plaintext-http-link.plaintext-http-link

semgrep

html

This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible.