hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update query metadata

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-04-24 12:26:23 +01:00
parent c2ebdf5266
commit ca85f0bf7f
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
go/ql/src/Security/CWE-079/HTMLTemplateEscapingPassthrough.ql
View File

@@ -1,13 +1,14 @@
/**
* @name HTML template escaping passthrough
* @description If a user-provided value is converted to a special type that avoids escaping when fed into a HTML
* template, it may result in XSS.
* @name HTML template escaping bypass cross-site scripting
* @description Converting user input to a special type that avoids escaping
* when fed into an HTML template allows for a cross-site
* scripting vulnerability.
* @kind path-problem
* @problem.severity warning
* @problem.severity error
* @id go/html-template-escaping-bypass-xss
* @tags security
* experimental
* external/cwe/cwe-079
* external/cwe/cwe-116
*/
import go