id: xss-disable-mustache-escape

info:
  name: XSS Disable Mustache Escape
  author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
  severity: info
  description: Markup escaping disabled. This can be used with some template engines to escape disabling of HTML entities, which can lead to XSS attacks.
  tags: file,nodejs,mustache,xss

file:
  - extensions:
      - all

    matchers:
      - type: regex
        regex:
          - "[\\w\\W]+?\\.escapeMarkup = false"