mde/ejs

SECURITY.md explained


In the SECURITY.md file it's mentioned that the following code is insecure:

app.get('/', (req, res) => {
    res.render('index', req.query);
});

Could you explain why?

mde commented

Because you are not checking what inputs are going into the render method. You are blindly passing end-user inputs into EJS, which means (depending on what's in your template) they could run arbitrary (and potentially malicious) JavaScript code on your server. It's a security problem very similar to SQL injection.
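One defensive way to address this, as an added example that is not code from the EJS project or from this issue: keep the insecure route quoted in the question next to a hardened version that copies only allowlisted, stringified query values into the locals object, so that nothing EJS might interpret as a rendering option ever reaches render(). The `name` and `page` keys, and the assumption that the `index` template needs only those, are made up for the example.

```javascript
// Added example, not from the EJS project. Assumes an Express app and an
// "index" template that only ever reads `name` and `page` (both assumptions).

// Allowlist of query parameters the template is permitted to see.
const ALLOWED_LOCALS = ['name', 'page'];

// Build the locals object from req.query. Only expected keys are copied, and
// every value is coerced to a plain string. Unknown keys (including anything
// EJS would treat as a rendering option) and nested objects are dropped or
// flattened, so user input can only influence template data, not how the
// template is compiled.
function pickLocals(query) {
  const locals = Object.create(null); // no prototype keys to accidentally expose
  for (const key of ALLOWED_LOCALS) {
    if (Object.prototype.hasOwnProperty.call(query, key)) {
      const v = query[key];
      // Express may parse repeated parameters as arrays; keep only the first.
      locals[key] = Array.isArray(v) ? String(v[0]) : String(v);
    }
  }
  return locals;
}

// The insecure route from the issue: req.query goes straight into render(),
// so the request controls every key of the options/data object.
function registerInsecureRoute(app) {
  app.get('/', (req, res) => {
    res.render('index', req.query);
  });
}

// Hardened route: only allowlisted, stringified values reach the template.
function registerSafeRoute(app) {
  app.get('/', (req, res) => {
    res.render('index', pickLocals(req.query));
  });
}
```

Wire it up with `registerSafeRoute(app)` in place of the original route; the insecure registrar is kept only so the two can be compared side by side.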