id: xss-disable-mustache-escape

info:
  name: XSS Disable Mustache Escape
  author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
  severity: info
  description: Markup escaping disabled. This can be used with some template engines to escape disabling of HTML entities, which can lead to XSS attacks.
  tags: file,nodejs,mustache,xss
file:
  - extensions:
      - all
    matchers:
      - type: regex
        regex:
          - "[\\w\\W]+?\\.escapeMarkup = false"

# digest: 4a0a00473045022041c26d15e30a67da51faf8296e3dcfa26d1debb48e546df53fd49950ac2755bc022100ba0c25be763311d27fd4b84f86a184a622246c44589a783faac58165f161b5c9:922c64590222798bb761d5b6d8e72950