morozovalexander/symfocommerce

[Insight] Website should be protected against XSS Vulnerability - in src/Eshop/…/Catalog/category.html.twig, line 50

morozovalexander opened this issue · 0 comments

in src/Eshop/ShopBundle/Resources/views/Catalog/category.html.twig, line 50

Using the |raw filter or the {% autoescape false %} block in a Twig template exposes users to Cross-Site Scripting (XSS) attacks.

    </div><div class="row well well-lg"><h3 class="group inner list-group-item-heading">{{ category.name }}</h3><div class="caption"><p class="group inner list-group-item-text">
                {{ category.description|raw|nl2br }}
            </p></div></div>
{% endblock page_content %}

Posted from SensioLabsInsight
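To make the finding concrete, here is an added example (not code from the symfocommerce repository) that renders the flagged line and a hardened variant side by side. It assumes twig/twig (2.x or 3.x, namespaced classes) is installed via Composer; the category description is a constructed sample.

```php
<?php
// Added example, not part of symfocommerce: shows why |raw|nl2br leaks markup
// and why |nl2br alone does not. Assumes twig/twig is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

$templates = [
    // The line Insight flagged: |raw marks the value as safe, so the HTML
    // pre-escaping that nl2br normally applies to its input is skipped and
    // any markup in the description reaches the browser verbatim.
    'unsafe' => '<p>{{ category.description|raw|nl2br }}</p>',
    // Hardened form: nl2br HTML-escapes its input first and only then inserts
    // <br /> tags, so newlines are preserved and markup is rendered as text.
    'safe'   => '<p>{{ category.description|nl2br }}</p>',
];

$twig = new Environment(new ArrayLoader($templates), ['autoescape' => 'html']);

// Constructed sample: a description that could arrive from an untrusted editor.
$category = ['description' => "Great stuff\n<script>alert(1)</script>"];

foreach (['unsafe', 'safe'] as $name) {
    echo $name, ":\n", $twig->render($name, ['category' => $category]), "\n\n";
}
```

If the description is meant to carry HTML authored by a trusted admin, the alternative is to sanitize it with an HTML purifier before storage rather than to bypass autoescaping at render time.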