include::../description.adoc[]

== Noncompliant Code Example

[source,javascript]
----
function (req, res) {
  const tainted = req.query.name;

  res.send(tainted); // Noncompliant
};
----

== Compliant Solution

[source,javascript]
----
import sanitizeHtml from "sanitize-html"; 

function (req, res) {
  const tainted = req.query.name;

  res.send(sanitizeHtml(tainted)); // Noncompliant
};
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]