[Insight] Website should be protected against XSSVulnerability - in src/Eshop/…/Catalog/category.html.twig, line 50
morozovalexander opened this issue · 0 comments
morozovalexander commented
in src/Eshop/ShopBundle/Resources/views/Catalog/category.html.twig, line 50
Using the `|raw` filter or the `{% autoescape false %}` block in a Twig template exposes users to Cross-Site Scripting (XSS) attacks.
```twig
    </div>
    <div class="row well well-lg">
        <h3 class="group inner list-group-item-heading">{{ category.name }}</h3>
        <div class="caption">
            <p class="group inner list-group-item-text">
                {{ category.description|raw|nl2br }}
            </p>
        </div>
    </div>
{% endblock page_content %}
```
Posted from SensioLabsInsight