Find more live information in Aikido here: https://app.aikido.dev/repositories/1742607?sidebarIssue=28016607&groupId=77741&sidebarIssueTask=4372533&sidebarTab=tasks
Scope
These issues affect the following code repository:
.openapi-generator-templates/configuration.mustache at line 178
.openapi-generator-templates/configuration.mustache at line 246
and 19 more
TLDR
{{{ }}} (and its equivalent {{& }}) renders the value without HTML escaping, so whatever the variable contains lands in the output verbatim. If that output is HTML and the value can be influenced by a user, the tag is a reflected or stored XSS sink. The developer, not the template engine, is responsible for making sure that only trusted, allowlisted HTML fragments ever reach a triple-brace tag.
How to fix
Prefer {{ }}, which HTML-escapes the value, and use {{{ }}} only where the content is static, developer-authored HTML that no request parameter, database row or upstream API response can influence. Defend in depth with a strict Content-Security-Policy (for example one that forbids inline scripts and relies on nonces or hashes) so that an injected tag cannot execute even if it does reach the page. If user-supplied HTML genuinely has to be rendered, sanitize it with a library such as DOMPurify before it reaches the template, and keep the sanitizer's allowlist as small as the feature permits. When triaging, note that the flagged files are OpenAPI Generator templates that emit source code rather than HTML; there triple braces are generally intentional, because HTML-escaping would corrupt the generated code, so the question to answer is whether every value interpolated at those lines comes from a trusted OpenAPI document.
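The following is an added example, not code from Aikido or from the scanned repository. It uses a deliberately minimal Mustache-style renderer (only {{x}} and {{{x}}} tags; no sections or partials) together with the same entity table mustache.js uses for escaped output, so that the difference between the two tag forms can be seen on a constructed hostile value. The static-fragment allowlist in renderBadge shows the one situation in which the finding can be dismissed: the value fed to {{{ }}} is one of a fixed set of developer-authored fragments. All names (render, unsafeGreeting, safeGreeting, renderBadge, STATIC_FRAGMENTS) are made up for this illustration.

```javascript
// Added example: why {{{ }}} is flagged and what "static HTML only" means.
// Not part of Aikido or the scanned project. Minimal renderer for illustration.

// Entity table matching what mustache.js applies to {{ }} output.
const ENTITY_MAP = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;",
  "'": "&#39;", "/": "&#x2F;", "`": "&#x60;", "=": "&#x3D;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"'`=\/]/g, (ch) => ENTITY_MAP[ch]);
}

// {{{name}}} inserts the raw value; {{name}} inserts the escaped value.
// The triple-brace alternative is listed first so it is matched before the
// double-brace form. (Hypothetical helper; real Mustache does much more.)
function render(template, view) {
  return template.replace(
    /\{\{\{\s*(\w+)\s*\}\}\}|\{\{\s*(\w+)\s*\}\}/g,
    (_, rawName, escapedName) => {
      if (rawName !== undefined) return String(view[rawName] ?? "");
      return escapeHtml(view[escapedName] ?? "");
    }
  );
}

// Constructed attacker-controlled value (sample input, not from the page).
const HOSTILE_NAME = '<img src=x onerror="alert(document.cookie)">';

// Vulnerable: the value is interpolated unescaped, so the <img> survives as markup.
function unsafeGreeting(name) {
  return render("<p>Hello, {{{name}}}!</p>", { name });
}

// Fixed: the value is interpolated escaped, so the browser shows it as text.
function safeGreeting(name) {
  return render("<p>Hello, {{name}}!</p>", { name });
}

// The only acceptable use of {{{ }}}: a fixed set of developer-authored
// fragments. Anything outside the allowlist is refused rather than rendered.
const STATIC_FRAGMENTS = new Set(["<em>required</em>", "<em>optional</em>"]);

function renderBadge(fragment) {
  if (!STATIC_FRAGMENTS.has(fragment)) {
    throw new Error("refusing to render non-allowlisted HTML fragment");
  }
  return render("<span>{{{fragment}}}</span>", { fragment });
}

console.log("unsafe:", unsafeGreeting(HOSTILE_NAME));
console.log("safe:  ", safeGreeting(HOSTILE_NAME));
console.log("badge: ", renderBadge("<em>required</em>"));
```

Running it shows the hostile <img> tag emitted intact by unsafeGreeting and fully entity-encoded by safeGreeting, while renderBadge accepts the allowlisted fragment and throws on the hostile one. A CSP that disallows inline event handlers would stop the onerror payload even in the unsafe case, which is why the page recommends it as a second layer rather than a substitute for escaping.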