Skip to main content
Detected a call to $FUNC() in an attempt to HTML escape the string $STR. Manually sanitizing input through a manually built list can be circumvented in many situations, and it’s better to use a well known sanitization library such as sanitize-html or DOMPurify.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection