detect-disable-mustache-escape.md

Pattern: Use of object.escapeMarkup = false

Issue: -

Description

Detects object.escapeMarkup = false, an assignment that some template engines honor to disable escaping of HTML entities. With escaping disabled, values interpolated into a template are emitted as raw markup, which can lead to Cross-Site Scripting (XSS) vulnerabilities.
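
The effect of the flagged assignment, shown as an added example that is not part of the original page or of any real engine's code. The renderer is a hypothetical minimal engine written for illustration (`createRenderer`, `render`, and the sample input are assumptions); it renders the same template with escaping left on and with `escapeMarkup` set to `false`.

```javascript
// Hypothetical minimal template renderer, written for this example only.
// It mimics engines that expose an `escapeMarkup` switch on a config object.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

function createRenderer() {
  const engine = {
    escapeMarkup: true, // safe default: HTML-encode every interpolated value
    render(template, data) {
      // Replace each {{ key }} placeholder with the matching data value.
      return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (match, key) => {
        const raw = Object.prototype.hasOwnProperty.call(data, key) ? data[key] : '';
        return engine.escapeMarkup ? escapeHtml(raw) : String(raw);
      });
    },
  };
  return engine;
}

// Constructed sample input standing in for a user-controlled field.
const untrusted = { name: '<img src=x onerror="alert(1)">' };
const template = '<p>Hello, {{ name }}</p>';

function renderEscaped() {
  const engine = createRenderer();
  return engine.render(template, untrusted); // value is entity-encoded
}

function renderUnescaped() {
  const engine = createRenderer();
  engine.escapeMarkup = false; // the assignment this pattern flags
  return engine.render(template, untrusted); // value reaches the page as markup
}

console.log(renderEscaped());
console.log(renderUnescaped());
```

When a template genuinely needs trusted markup, keep the global default on and opt out per value through the engine's own raw-output mechanism, so each unescaped sink is visible in review.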