rspec/rules/S5696/common/pitfalls/modification-after-sanitization.adoc

==== Modification after sanitization

Caution should be taken if the user-supplied data is further modified **after** this data was sanitized. Doing so might void the effects of sanitization and introduce new XSS vulnerabilities. In general, modification of this data should occur beforehand instead.
Modify rule S5696: Change text to progressive education format (APPSEC-423) (#1529) * Move metadata * Move message * Add text * Clarify text * Reword method to property in context of innerHTML 2023-02-01 13:23:58 +01:00			`==== Modification after sanitization`

			`Caution should be taken if the user-supplied data is further modified after this data was sanitized. Doing so might void the effects of sanitization and introduce new XSS vulnerabilities. In general, modification of this data should occur beforehand instead.`