Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Description
The application uses `Handlebars.SafeString(...)`, which marks its argument as already-safe HTML so that Handlebars emits it without escaping. Untrusted user input that passes through `SafeString` is therefore rendered verbatim, making the application vulnerable to Cross-Site Scripting (XSS). XSS attacks occur when an attacker injects malicious scripts into web pages viewed by other users, allowing them to bypass access controls and potentially access sensitive information or perform actions on behalf of the user.
Examples
Insecure Code
```javascript
var Handlebars = require('handlebars');
// Untrusted query input is concatenated into a SafeString, so Handlebars
// emits it without escaping (this is the vulnerable pattern the rule flags).
var returnObj = new Handlebars.SafeString('<h1>Handlebars safe string</h1>' + req.query.message);
```
Secure Code
```javascript
var Handlebars = require('handlebars');
// Escape the untrusted part first; only the author's own markup stays trusted.
var returnObj = new Handlebars.SafeString('<h1>Handlebars safe string</h1>' + Handlebars.escapeExpression(req.query.message));
```
Remediation
Escape every untrusted value with `Handlebars.escapeExpression` before concatenating it into a `SafeString`, so that only markup the application itself authored is marked as safe.
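The following added example (not part of the rule text or of Handlebars itself) re-implements, in a few lines, the mechanism the rule relies on: `{{expr}}` output is escaped unless the value is a `SafeString`, which is emitted verbatim. `SafeString`, `escapeExpression`, `render`, `insecureMessage`, `secureMessage` and the sample input are assumptions constructed for this demonstration, mirroring Handlebars' behaviour and escape table.

```javascript
// Minimal stand-in for the Handlebars behaviour this rule is about.
// NOT the Handlebars library; it only reproduces the relevant semantics.

// A SafeString is "already safe HTML": the renderer emits it unescaped.
class SafeString {
  constructor(str) { this.string = str; }
  toHTML() { return String(this.string); }
  toString() { return String(this.string); }
}

// Same character set Handlebars.escapeExpression escapes.
const ESCAPE = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
  "'": '&#x27;', '`': '&#x60;', '=': '&#x3D;',
};

// Escape a value for HTML, unless it has already been marked safe.
function escapeExpression(value) {
  if (value instanceof SafeString) return value.toHTML();
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"'`=]/g, (ch) => ESCAPE[ch]);
}

// Tiny renderer: every {{name}} goes through escapeExpression, as in Handlebars.
function render(template, context) {
  return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (_, key) => escapeExpression(context[key]));
}

// Insecure: untrusted input is wrapped in a SafeString, so it is never escaped.
function insecureMessage(userMessage) {
  return new SafeString('<h1>Handlebars safe string</h1>' + userMessage);
}

// Secure: escape the untrusted part first; only our own <h1> stays trusted.
function secureMessage(userMessage) {
  return new SafeString('<h1>Handlebars safe string</h1>' + escapeExpression(userMessage));
}

// Constructed sample input standing in for req.query.message.
const UNTRUSTED = '<script>alert(1)</script>';
const TEMPLATE = '<div>{{message}}</div>';

function renderInsecure(input = UNTRUSTED) { return render(TEMPLATE, { message: insecureMessage(input) }); }
function renderSecure(input = UNTRUSTED) { return render(TEMPLATE, { message: secureMessage(input) }); }

console.log('insecure:', renderInsecure()); // script tag reaches the page verbatim
console.log('secure:  ', renderSecure());   // script tag arrives as inert text
```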
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0429 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-79 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | XSS, Cross-Site Scripting |
| OWASP | A7:2017-Cross-Site Scripting (XSS), A03:2021-Injection |