raw-html-join
insecure-innerhtml
$EL.innerHTML
is an anti-pattern that can lead to XSS vulnerabilitiesdom-based-xss
insecure-document-method
innerHTML
, outerHTML
or document.write
is an anti-pattern that can lead to XSS vulnerabilitiesjs-open-redirect-from-function
$PROP
which can control the location of the current window context. This can lead two types of vulnerabilities open-redirection and Cross-Site-Scripting (XSS) with JavaScript URIs. It is recommended to validate user-controllable input before allowing it to control the redirection.eval-detected
wildcard-postmessage-configuration
js-open-redirect
$PROP
which can control the location of the current window context. This can lead two types of vulnerabilities open-redirection and Cross-Site-Scripting (XSS) with JavaScript URIs. It is recommended to validate user-controllable input before allowing it to control the redirection.insufficient-postmessage-origin-validation
raw-html-concat