semgrep-rules

Detect XSS in trigger_error

Open Sjord opened this issue 3 months ago • 2 comments

The message passed to trigger_error is not HTML encoded by default, and can be displayed in the browser if display_errors is on.

Sep 03 '25 08:09 Sjord
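The behaviour described in the issue, as an added example (not code from the PR or from semgrep-rules). The function names and `$userInput`, a constructed stand-in for request data, are hypothetical; it assumes PHP 7.4 or later.

```php
<?php
// Added illustration: trigger_error() output with and without HTML encoding.
// All names below are hypothetical; $userInput is constructed sample data.

ini_set('display_errors', '1');   // precondition named in the issue
error_reporting(E_ALL);

// Capture what PHP would write into the response body while $fn runs.
function rendered_output(callable $fn): string
{
    ob_start();
    $fn();
    return (string) ob_get_clean();
}

// Pattern the issue is about: untrusted data reaches the message as-is.
function lookup_unsafe(string $name): void
{
    trigger_error("Unknown user: $name", E_USER_WARNING);
}

// Hardened form: encode for HTML before the value reaches trigger_error().
function lookup_safe(string $name): void
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    trigger_error("Unknown user: $encoded", E_USER_WARNING);
}

// Constructed, harmless markup standing in for a request parameter.
$userInput = '<b>constructed-marker</b>';

$unsafe = rendered_output(fn () => lookup_unsafe($userInput));
$safe   = rendered_output(fn () => lookup_safe($userInput));

// Report whether the raw tag survives into the displayed error text.
printf("unsafe output contains raw markup: %s\n",
    var_export(strpos($unsafe, $userInput) !== false, true));
printf("safe output contains raw markup:   %s\n",
    var_export(strpos($safe, $userInput) !== false, true));
printf("safe output contains encoded form: %s\n",
    var_export(strpos($safe, htmlspecialchars($userInput)) !== false, true));
```

Setting `display_errors` to off and `log_errors` to on in production keeps these messages out of the response altogether, whether or not they are encoded.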

@inkz Could you take a look at this PR?

Oct 21 '25 08:10 Sjord

Can someone review this?

Dec 04 '25 08:12 Sjord