Update the description message of template rule (#803)

securego · Apr 5, 2022 · 89dfdc0 · 89dfdc0
1 parent 0791d31
commit 89dfdc0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/rules/templates.go b/rules/templates.go
@@ -54,7 +54,7 @@ func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 			ID:         id,
 			Severity:   gosec.Medium,
 			Confidence: gosec.Low,
-			What:       "this method will not auto-escape HTML. Verify data is well formed.",
+			What:       "The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input.",
 		},
 	}, []ast.Node{(*ast.CallExpr)(nil)}
 }