[Insight] Website should be protected against XSS Vulnerability - in src/Eshop/…/views/Catalog/index.html.twig, line 58
morozovalexander opened this issue · 0 comments
morozovalexander commented
in src/Eshop/ShopBundle/Resources/views/Catalog/index.html.twig, line 58
Using the |raw filter or the {% autoescape false %} block in a Twig template exposes users to Cross-Site Scripting (XSS) attacks
<div class="well">
{% if news | length %}
<h4><strong>{{ news.title }}</strong></h4><div>{{ news.text|raw|nl2br }}</div><p class="pull-right">{{ news.date|date() }}</p>
{% else %}
{{ 'news.nonews'|trans }}
{% endif %}
</div>
Posted from SensioLabsInsight