nuclei-templates/file/nodejs/xss-disable-mustache-escape...

18 lines
467 B
Plaintext
Raw Normal View History

id: xss-disable-mustache-escape
info:
name: XSS Disable Mustache Escape
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Markup escaping disabled. This can be used with some template engines to escape disabling of HTML entities, which can lead to XSS attacks.
tags: file,nodejs,mustache,xss
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "\\$OBJ\\.escapeMarkup = false"