18 lines
471 B
YAML
18 lines
471 B
YAML
id: xss-disable-mustache-escape
|
|
|
|
info:
|
|
name: XSS Disable Mustache Escape
|
|
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
|
|
severity: info
|
|
description: Markup escaping disabled. This can be used with some template engines to escape disabling of HTML entities, which can lead to XSS attacks.
|
|
tags: file,nodejs,mustache,xss
|
|
|
|
file:
|
|
- extensions:
|
|
- all
|
|
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- "[\\w\\W]+?\\.escapeMarkup = false"
|