#html
Rulesets (1)
Rules (5)
The correct attribute name for this meta tag is `http-equiv`, not `https-equiv`.
Detected the use of eval(...). This can introduce a Cross-Site-Scripting (XSS) vulnerability if this comes from user-provided input. Follow OWASP best practices to ensure you handle XSS within a JavaScript context correct, and consider using safer APIs to evaluate user-input such as JSON.parse(...).
Detected the use of an inner/outerHTML assignment. This can introduce a Cross-Site-Scripting (XSS) vulnerability if this comes from user-provided input. If you have to use a dangerous web API, consider using a sanitization library such as DOMPurify to sanitize the HTML before it is assigned.
This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible.
Insufficient permissions to view rule definition. This rule is only visible to logged in users. Log in to see this rule.