Audit
jquery-insecure-selector
User-controlled data passed to $(...) is an anti-pattern that can lead to XSS vulnerabilities.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
prohibit-jquery-html
jQuery's html function is susceptible to Cross-Site Scripting (XSS) attacks. If you're just passing text, consider the text function instead. Otherwise, use a function that escapes HTML, such as edX's HtmlUtils.setHtml().
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
jquery-insecure-method
User-controlled data passed to jQuery's .$METHOD(...) is an anti-pattern that can lead to XSS vulnerabilities.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection