Details
Alert ID 210016-1
Alert Type Tool
Status alpha
Risk Medium
CWE 79
WASC
Technologies Targeted All
Tags CWE-79
OWASP_2021_A03
OWASP_2025_A05
TOOL_PTK

Summary

Tainted HTML parsed through DOMParser.parseFromString with an HTML-like MIME type.

Generated by OWASP PTK IAST Module

Solution

• Avoid parsing or inserting untrusted HTML fragments.
• Prefer inert parsing only for trusted templates and sanitize before later insertion.
• Do not use setHTMLUnsafe with untrusted values.
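The sink named in the Summary, wrapped so the inert DOMParser document is reduced to an allowlist before any of its nodes are imported into the live page; this is an added example, not PTK's own code, and the tag/attribute allowlists, the URL check and the helper names are assumptions:

```javascript
// Added example: untrusted HTML goes through DOMParser (inert), then the
// parsed tree is sanitized in place before anything reaches the live DOM.
// ALLOWED_TAGS / ALLOWED_ATTRS are assumed for this example, not from PTK.
const ALLOWED_TAGS = new Set(["P", "B", "I", "EM", "STRONG", "A", "UL", "OL", "LI", "BR"]);
const ALLOWED_ATTRS = new Set(["href", "title"]);

// Only http(s), same-origin absolute paths and fragments may survive in href.
function isSafeUrl(value) {
  return /^(https?:\/\/|\/(?!\/)|#)/i.test(value.trim());
}

// Walk an element tree in place: drop any element outside the allowlist
// (this covers <script>, <iframe>, <style>, <img>), strip every on* handler
// and every attribute outside the allowlist, and reject unsafe href values.
// Returns how many nodes/attributes were removed, for logging or metrics.
function sanitizeTree(root) {
  let removed = 0;
  for (const child of Array.from(root.childNodes)) {
    if (child.nodeType === 3) continue; // text nodes are inert
    if (child.nodeType !== 1 || !ALLOWED_TAGS.has(child.nodeName.toUpperCase())) {
      root.removeChild(child); // disallowed element, comment, etc.
      removed += 1;
      continue;
    }
    for (const name of child.getAttributeNames()) {
      const lower = name.toLowerCase();
      const bad = lower.startsWith("on") || !ALLOWED_ATTRS.has(lower)
        || (lower === "href" && !isSafeUrl(child.getAttribute(name) || ""));
      if (bad) { child.removeAttribute(name); removed += 1; }
    }
    removed += sanitizeTree(child);
  }
  return removed;
}

// Browser-only: the parseFromString sink from the alert. The parsed document
// runs no scripts by itself; the risk is importing its nodes unsanitized.
function renderUntrustedHtml(target, untrustedHtml) {
  const doc = new DOMParser().parseFromString(untrustedHtml, "text/html");
  const removed = sanitizeTree(doc.body);
  target.replaceChildren(...Array.from(doc.body.childNodes, (n) => document.importNode(n, true)));
  return removed;
}
```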

Other Info

References

Code

src/ptk/background/iast/modules/modules.json