id: xss-disable-mustache-escape info: name: XSS Disable Mustache Escape author: me_dheeraj (https://twitter.com/Dheerajmadhukar) severity: info description: Markup escaping disabled. This can be used with some template engines to escape disabling of HTML entities, which can lead to XSS attacks. tags: file,nodejs,mustache,xss file: - extensions: - all matchers: - type: regex regex: - "[\\w\\W]+?\\.escapeMarkup = false" # digest: 4a0a00473045022041c26d15e30a67da51faf8296e3dcfa26d1debb48e546df53fd49950ac2755bc022100ba0c25be763311d27fd4b84f86a184a622246c44589a783faac58165f161b5c9:922c64590222798bb761d5b6d8e72950