#html
Rulesets (1)
Rules (4)

This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible.

Detected the use of eval(...). This can introduce a Cross-Site-Scripting (XSS) vulnerability if the evaluated string comes from user-provided input. Follow OWASP best practices to ensure you handle XSS within a JavaScript context correctly, and consider using safer APIs to evaluate user input, such as JSON.parse(...).

Detected the use of an innerHTML/outerHTML assignment. This can introduce a Cross-Site-Scripting (XSS) vulnerability if the assigned value comes from user-provided input. If you have to use a dangerous web API, consider using a sanitization library such as DOMPurify to sanitize the HTML before it is assigned.