- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
ID: python-security/html-string-from-parameters
Language: Python
Severity: Error
Category: Security
Detect unsafe HTML content. User-input may be injected into HTML content without being sanitized.
User input should always be checked before being used in HTML data.
def my_function(arg1: str, arg2, arg3 = "blabla", arg4: str = "blibli"):
html1 = f"<div>{arg1}</div>"
html1 = "<div>{0}</div>".format(arg1)
html2 = f"<div>{arg2['bli']}</div>"
html2 = "<div>{0}</div>".format(arg2['bli'])
html3 = "<div>" + arg1 + "</div>"
render(f"<div>{arg1}</div>")
return html
def my_function2(arg1: str, arg2, arg3 = "blabla", arg4: str = "blibli"):
html1 = f"<div>{arg51}</div>"
html1 = "<div>{0}</div>".format(arg42)
html2 = f"<div>{arg26['bli']}</div>"
html2 = "<div>{0}</div>".format(arg51['bli'])
html3 = "<div>" + arg41 + "</div>"
render(f"<div>{arg51}</div>")
return html
def my_function3(arg1: str, arg2, arg3 = "blabla", arg4: str = "blibli"):
html1 = f"<div>{arg1}</div>"
html1 = "<div>{0}</div>".format(arg1)
html2 = f"<div>{arg2['bli']}</div>"
html2 = "<div>{0}</div>".format(arg2['bli'])
html3 = "<div>" + arg1 + "</div>"
render(f"<div>{arg1}</div>")
return html
def my_function(arg1: str, arg2, arg3 = "blabla", arg4: str = "blibli"):
html1 = f"<div>{sanitize_value(arg1)}</div>"
html1 = "<div>{0}</div>".format(sanitize_value(arg1))
html2 = f"<div>{sanitize_value(arg2['bli'])}</div>"
html2 = "<div>{0}</div>".format(sanitize_value(arg2['bli']))
html3 = "<div>" + sanitize_value(arg1) + "</div>"
render(f"<div>{sanitize_value(arg1)}</div>")
return html