Avoid sending unsanitized user input in response
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
ID: javascript-express/xss-vulnerability
Language: JavaScript
Severity: Warning
Category: Security
CWE: 79
Description
Returning unsanitized user input in a send
or write
method can increase your application’s risk of cross-site scripting attacks.
Learn More
Non-Compliant Code Examples
app.get("/", (req, res) => {
res.send(req.body.foo);
res.send({ title: "foo", message: req.body.foo });
res.write(req.body.foo);
res.write({ title: "foo", message: req.body.foo });
})
Compliant Code Examples
app.get("/", (req, res) => {
res.send("foo");
res.send({ title: "foo", message: 'foo' });
res.write("foo");
res.write({ title: "foo", message: 'foo' });
})
Seamless integrations. Try Datadog Code Analysis