rspec/rules/S5247/html/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

----
<!-- Laravel Blade templates -->
<p>{!! $variable !!}</p><!-- Sensitive -->

<!-- Twig templates -->
{% autoescape false %}<!-- Sensitive -->
{{ article.body|raw }}<!-- Sensitive -->

<!-- Smarty templates -->
<p>{$var nofilter}</p><!-- Sensitive -->

<!-- Django templates -->
<p>{{ variable|safe }}</p><!-- Sensitive -->
{% autoescape off %}<!-- Sensitive -->

<!-- Jinja2 templates -->
<p>{{ variable|safe }}</p><!-- Sensitive -->
{% autoescape false %}<!-- Sensitive -->

<!-- Apache Freemarker templates -->
<#ftl output_format="HTML" auto_esc=false><!-- Sensitive -->
<p>${message?no_esc}</p><!-- Sensitive -->
<#noautoesc><!-- Sensitive -->
<#noescape><!-- Sensitive -->

<!-- Jelly templates -->
<?jelly escape-by-default='false'?><!-- Sensitive -->
<j:out value="${t.name}"/><!-- Sensitive -->

<!-- Java Server Faces (JSF) -->
<h:outputText value="#{user.name}" escape="false" /><!-- Sensitive -->
<f:selectItem itemLabel="#{user.status3}" escapeItem="false" /><!-- Sensitive -->
<f:selectItems itemLabel="#{user.status3}" itemLabelEscaped="false" /><!-- Sensitive -->

<!-- JavaServer Pages (JSP) -->
<p><c:out value="${message}" escapeXml="false" /></p><!-- Sensitive -->

<!-- Java Spring -->
<spring:htmlEscape defaultHtmlEscape="false"><!-- Sensitive -->
<spring:escapeBody htmlEscape="false"><!-- Sensitive -->
<form:input path="lastName" htmlEscape="false" /><!-- Sensitive -->

<!-- Thymeleaf templates -->
<p th:utext="${message}" /><!-- Sensitive -->
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]
'''
== Comments And Links
(visible only on this page)

include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
rename web to html 2021-02-10 17:04:49 +01:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`----`
			`<!-- Laravel Blade templates -->`
			`<p>{!! $variable !!}</p><!-- Sensitive -->`

			`<!-- Twig templates -->`
			`{% autoescape false %}<!-- Sensitive -->`
			`{{ article.body\|raw }}<!-- Sensitive -->`

			`<!-- Smarty templates -->`
			`<p>{$var nofilter}</p><!-- Sensitive -->`

			`<!-- Django templates -->`
			`<p>{{ variable\|safe }}</p><!-- Sensitive -->`
			`{% autoescape off %}<!-- Sensitive -->`

			`<!-- Jinja2 templates -->`
			`<p>{{ variable\|safe }}</p><!-- Sensitive -->`
			`{% autoescape false %}<!-- Sensitive -->`

			`<!-- Apache Freemarker templates -->`
			`<#ftl output_format="HTML" auto_esc=false><!-- Sensitive -->`
			`<p>${message?no_esc}</p><!-- Sensitive -->`
			`<#noautoesc><!-- Sensitive -->`
			`<#noescape><!-- Sensitive -->`

			`<!-- Jelly templates -->`
			`<?jelly escape-by-default='false'?><!-- Sensitive -->`
			`<j:out value="${t.name}"/><!-- Sensitive -->`

			`<!-- Java Server Faces (JSF) -->`
			`<h:outputText value="#{user.name}" escape="false" /><!-- Sensitive -->`
			`<f:selectItem itemLabel="#{user.status3}" escapeItem="false" /><!-- Sensitive -->`
			`<f:selectItems itemLabel="#{user.status3}" itemLabelEscaped="false" /><!-- Sensitive -->`

			`<!-- JavaServer Pages (JSP) -->`
			`<p><c:out value="${message}" escapeXml="false" /></p><!-- Sensitive -->`

			`<!-- Java Spring -->`
			`<spring:htmlEscape defaultHtmlEscape="false"><!-- Sensitive -->`
			`<spring:escapeBody htmlEscape="false"><!-- Sensitive -->`
			`<form:input path="lastName" htmlEscape="false" /><!-- Sensitive -->`

			`<!-- Thymeleaf templates -->`
			`<p th:utext="${message}" /><!-- Sensitive -->`
			`----`

			`include::../see.adoc[]`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::comments-and-links.adoc[]`
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`