18 lines
467 B
Plaintext
18 lines
467 B
Plaintext
|
id: xss-disable-mustache-escape
|
||
|
|
||
|
info:
|
||
|
name: XSS Disable Mustache Escape
|
||
|
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
|
||
|
severity: info
|
||
|
description: Markup escaping disabled. This can be used with some template engines to escape disabling of HTML entities, which can lead to XSS attacks.
|
||
|
tags: file,nodejs,mustache,xss
|
||
|
|
||
|
file:
|
||
|
- extensions:
|
||
|
- all
|
||
|
|
||
|
matchers:
|
||
|
- type: regex
|
||
|
regex:
|
||
|
- "\\$OBJ\\.escapeMarkup = false"
|