Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ID

scala.xss.scala_xss_rule_mvcapi

Severity

low

Resource

Xss

Language

Scala

Description

Disabling HTML escaping puts the application at risk of Cross-Site Scripting (XSS).

Rationale

Disabling HTML escaping puts the application at risk of Cross-Site Scripting (XSS).

The following code illustrates a vulnerable pattern detected by this rule:

def unsafe(value: String) = Action {
  // VULNERABLE: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  Ok(value)
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.
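
An added example, not part of the original rule documentation: two hardened counterparts to the action above, assuming a Play Framework controller with Twirl on the classpath. The controller and method names are hypothetical.

```scala
import play.api.mvc.{AbstractController, ControllerComponents}
import play.twirl.api.{Html, HtmlFormat}

// Hypothetical controller for illustration; names are assumptions, not from the rule page.
class EchoController(cc: ControllerComponents) extends AbstractController(cc) {

  // HTML response: escape the untrusted value before it is placed in markup.
  // HtmlFormat.escape encodes the HTML metacharacters (<, >, &, " and ')
  // so the browser renders the value as text instead of parsing it as markup.
  def safeHtml(value: String) = Action {
    val escaped: String = HtmlFormat.escape(value).body
    // Only the fixed template is treated as raw HTML; the input is already escaped.
    Ok(Html(s"<p>Hello, $escaped</p>"))
  }

  // Non-HTML response: when the value is only echoed back as data, declare a
  // content type that browsers do not render as HTML and disable MIME sniffing.
  def safeText(value: String) = Action {
    Ok(value)
      .as("text/plain; charset=utf-8")
      .withHeaders("X-Content-Type-Options" -> "nosniff")
  }
}
```

HTML escaping covers values placed in element content or quoted attribute values; a value written into a script block, a URL attribute or inline CSS needs the encoder for that context instead.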

Configuration

This detector does not need any configuration.

References