Get Started
- CodeAnt AI
- Setup
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Angular
- Aws-cdk
- Lang
- Nestjs
- Nextjs
- React
- Best practice
- Portability
- React-create-element-dangerouslysetinnerhtml-prop
- React-create-element-dangerouslysetinnerhtml-url
- React-create-element-href-prop
- React-create-element-href-url
- React-dangerouslysetinnerhtml-prop
- React-dangerouslysetinnerhtml-url
- React-href-prop
- React-href-url
- React-refs-prop
- React-refs-url
- Security
- Security
- Typescript
- Yaml
Audit
Storing JWT tokens in localStorage known to be a bad practice, consider moving your tokens from localStorage to a HTTP cookie.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-922: Insecure Storage of Sensitive Information
OWASP:
- A01:2021 - Broken Access Control
Detection of HTMLfromnon−constantdefinition.Thiscaninadvertentlyexposeuserstocross−sitescripting(XSS)attacksifthiscomesfromuser−providedinput.IfyouhavetouseHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
Detection of dangerouslySetInnerHTML from non-constant definition. This can inadvertently expose users to cross-site scripting (XSS) attacks if this comes from user-provided input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
Property decoded from JWT token without verifying and cannot be trustworthy.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-922: Insecure Storage of Sensitive Information
OWASP:
- A01:2021 - Broken Access Control
Detected a variable used in an anchor tag with the ‘href’ attribute. A malicious actor may be able to input the ‘javascript:’ URI, which could cause cross-site scripting (XSS). It is recommended to disallow ‘javascript:’ URIs within your application.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
Detection of HTMLfromnon−constantdefinition.Thiscaninadvertentlyexposeuserstocross−sitescripting(XSS)attacksifthiscomesfromuser−providedinput.IfyouhavetouseHTML, consider using a sanitization library such as DOMPurify to sanitize your HTML.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection