go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter
Detected a direct write, or a similar call, to 'http.ResponseWriter.Write()'. This bypasses the HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'.
- Tim Bastin detected go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter
- Tim Bastin fixed go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter
- Tim Bastin detected go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter
- Tim Bastin fixed go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter
- Tim Bastin detected go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter
- Tim Bastin fixed go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter
- Tim Bastin detected go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter
- Tim Bastin fixed go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter