User Controllable HTML Element Attribute (Potential XSS)

Type: Passive Scan

Description

This check looks at user-supplied input in query string parameters and POST data to identify where certain HTML attribute values might be controlled. This provides hot-spot detection for XSS (cross-site scripting) that will require further review by a security analyst to determine exploitability.
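A simplified sketch of the comparison described above, added here as an example and not the scanner's own rule code: it decodes query string and POST parameters, parses the response, and reports every attribute whose value equals or starts with a parameter value. The names `AttrCollector`, `find_controlled_attributes`, `min_len` and the "whole"/"prefix" labels are assumptions of this sketch, and the request and response are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl


class AttrCollector(HTMLParser):
    """Collects (tag, attribute, decoded value) for every attribute seen."""

    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        # Valueless attributes (e.g. "disabled") arrive as None and are skipped.
        self.seen.extend((tag, name, value) for name, value in attrs if value)


def find_controlled_attributes(query, post_body, response_html, min_len=3):
    """Flag attributes whose value equals or starts with a request parameter.

    min_len (an assumption of this sketch) drops very short values that would
    match by coincidence.
    """
    params = parse_qsl(query) + parse_qsl(post_body)
    collector = AttrCollector()
    collector.feed(response_html)
    collector.close()
    findings = []
    for pname, pvalue in params:
        if len(pvalue) < min_len:
            continue
        for tag, attr, value in collector.seen:
            if value.lower() == pvalue.lower():
                findings.append((pname, tag, attr, "whole"))
            elif value.lower().startswith(pvalue.lower()):
                findings.append((pname, tag, attr, "prefix"))
    return findings


# Constructed request and response, for illustration only.
SAMPLE_QUERY = "theme=dark-mode&next=https://example.org&q=a"
SAMPLE_POST = "nick=alice%22x"
SAMPLE_HTML = """<html><body class="dark-mode">
<a href="https://example.org/welcome">continue</a>
<input type="text" name="nick" value="alice&quot;x">
<p id="a1">static</p>
</body></html>"""

if __name__ == "__main__":
    for finding in find_controlled_attributes(SAMPLE_QUERY, SAMPLE_POST, SAMPLE_HTML):
        print(finding)
```

The `nick` finding is reported even though the quote character is entity-encoded in the response, which is why each hit is a hot spot for analyst review and not a confirmed XSS.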

Solution

Validate all input and sanitize output before writing it to any HTML attributes.

Last updated: 2020-07-20 08:53:37.296Z