[Insight] Website should be protected against XSS Vulnerability - in src/…/Catalog/showStaticPage.html.twig, line 15
morozovalexander opened this issue · 0 comments
morozovalexander commented
in src/Eshop/ShopBundle/Resources/views/Catalog/showStaticPage.html.twig, line 15
Using the |raw filter or the {% autoescape false %} block in a Twig template exposes users to Cross-Site Scripting (XSS) attacks.
<div class="col-md-12"><div><h4><strong>{{ page.title }}</strong></h4><div>{{ page.content|raw|nl2br }}</div></div></div></div>
{% endblock page_content %}
Posted from SensioLabsInsight
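To confirm the finding and check a fix, the following added example (not code from the Eshop project or from SensioLabsInsight) renders the flagged expression and the same expression without `|raw` against a constructed page value. It assumes `twig/twig` is installed through Composer; the template names, the sample content and the `hasActiveScript` helper are hypothetical.

```php
<?php
// Added example: compares the flagged Twig expression with its escaped form.
// Assumption: twig/twig is available through Composer's autoloader.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

$templates = [
    // Expression from showStaticPage.html.twig, line 15. |raw marks the value
    // as safe, so the pre-escaping that nl2br normally applies is skipped.
    'flagged' => '<div>{{ page.content|raw|nl2br }}</div>',
    // Same expression without |raw. nl2br escapes the input for HTML first,
    // then inserts <br /> tags and marks only the result as safe.
    'escaped' => '<div>{{ page.content|nl2br }}</div>',
];

// Autoescaping is set explicitly to the HTML strategy, which is Twig's default.
$twig = new Environment(new ArrayLoader($templates), ['autoescape' => 'html']);

// Constructed sample: page content as it could be stored in the database.
$page = ['content' => "First line\n<script>alert(1)</script>"];

// Hypothetical helper: reports whether a <script> tag survived rendering.
function hasActiveScript(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$failed = false;
foreach (array_keys($templates) as $name) {
    $html = $twig->render($name, ['page' => $page]);
    $active = hasActiveScript($html);
    printf("%-8s script tag rendered: %s\n%s\n\n", $name, $active ? 'yes' : 'no', $html);
    // Only the corrected template is required to neutralise the markup.
    if ($name === 'escaped' && $active) {
        $failed = true;
    }
}

exit($failed ? 1 : 0);
```

If static pages are meant to carry author-written HTML, removing `|raw` shows that markup as text, so the content would need to pass through an allow-list HTML sanitizer before it is marked safe.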