Details
Alert ID: 210000-4
Alert Type: Tool
Status: alpha
Risk: High
CWE: 79
WASC:
Technologies Targeted: All
Tags: CWE-79, OWASP_2021_A03, OWASP_2025_A05, TOOL_PTK

Summary

Tainted HTML is passed into insertAdjacentHTML. Generated by the OWASP PTK IAST Module.

Solution

• Avoid inserting untrusted strings into HTML or inline handlers.
• Prefer textContent or safe templating; sanitize with DOMPurify when HTML is required.
• Use CSP without unsafe-inline where possible.
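
The sink this alert flags, next to the alternatives listed above, as an added example that is not code from PTK or ZAP. The function names, the `<li>` wrapper and the `purify` parameter (assumed to be the DOMPurify object already loaded on the page) are illustrative assumptions.

```javascript
// `el` is any DOM Element; `comment` and `html` are untrusted strings
// (for example a value read from location.hash or a server response).

// Flagged pattern: the untrusted string is parsed as markup, so any
// tags or event-handler attributes it carries become live DOM.
function renderUnsafe(el, comment) {
  el.insertAdjacentHTML('beforeend', '<li>' + comment + '</li>');
}

// Alternative 1: the value is plain text, so insert it as a text node.
// insertAdjacentText never invokes the HTML parser.
function renderAsText(el, comment) {
  el.insertAdjacentText('beforeend', comment);
}

// Alternative 2: fixed markup around an untrusted value. Escape the value
// for the HTML element/attribute-value context before interpolating it.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}
function renderEscaped(el, comment) {
  el.insertAdjacentHTML('beforeend', '<li>' + escapeHtml(comment) + '</li>');
}

// Alternative 3: rich HTML really is required. Sanitize first, then insert.
// `purify` is assumed to expose DOMPurify's sanitize(dirty) method.
function renderSanitized(el, html, purify) {
  el.insertAdjacentHTML('beforeend', purify.sanitize(html));
}
```

Escaping as in `renderEscaped` is only correct for element content and quoted attribute values; it does not make a value safe inside an inline handler, a `<script>` block or a URL attribute.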

Other Info

References

Code

src/ptk/background/iast/modules/modules.json