Page MenuHomePhabricator
Files F34942577

2022-function-evaluator-semgrep-p-xss.txt
sbassett (Scott Bassett)
Actions

Authored By
sbassett
Feb 4 2022, 9:05 PM
Size
535 B
Referenced Files
None
Subscribers
None

2022-function-evaluator-semgrep-p-xss.txt
View Options

routes/ex.js
rule:javascript.express.security.audit.xss.direct-response-write.direct-response-write: Detected directly writing to a Response object. This bypasses any HTML escaping and may expose your app to a cross-site scripting (XSS) vulnerability. Instead, use 'resp.render()' to render safely escaped HTML. Details: https://sg.run/vzGl
29: res.send( arr.join() );
--------------------------------------------------------------------------------
48: res.send( text );
ran 79 rules on 106 files: 2 findings

File Metadata

Mime Type
text/plain
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
9340805
Default Alt Text
2022-function-evaluator-semgrep-p-xss.txt (535 B)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL