Suggestion: Another XSS vector

Open wh1t3h47 opened this issue 2 years ago • 1 comments

I was reading the documentation provided here and I noted that there was something missing in the XSS prevention documentation: Template strings.

As noted here, template strings can introduce an XSS vector in Django. It also might be a good idea to add a static code analysis rule for that, but I'm not sure if Semgrep already has this rule implemented.

wh1t3h47, Mar 06 '22 02:03

Thank you @wh1t3h47!

Internal issue tracking number MKT-467.

adamkvitek, Dec 09 '22 14:12