rspec/rules/S5247/html/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

----
<!-- Django templates -->
<p>{{ variable|safe }}</p><!-- Sensitive -->
{% autoescape off %}<!-- Sensitive -->

<!-- Jinja2 templates -->
<p>{{ variable|safe }}</p><!-- Sensitive -->
{% autoescape false %}<!-- Sensitive -->
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

=== on 14 May 2019, 21:49:57 Lars Svensson wrote:
References:


Blade

https://laravel.com/docs/5.8/blade


Twig

https://twig.symfony.com/doc/2.x/tags/autoescape.html

https://twig.symfony.com/doc/2.x/filters/escape.html


Smarty

https://www.smarty.net/docs/en/variable.escape.html.tpl


Freemarker

https://freemarker.apache.org/docs/dgui_misc_autoescaping.html#dgui_misc_autoescaping_disableautoesc

https://freemarker.apache.org/docs/ref_directive_escape.html

https://freemarker.apache.org/docs/ref_directive_ftl.html


Django

https://docs.djangoproject.com/en/dev/ref/templates/builtins/#autoescape


Jelly

https://wiki.jenkins.io/display/JENKINS/Jelly+and+XSS+prevention


JSF

https://docs.oracle.com/javaee/7/javaserver-faces-2-2/vdldocs-facelets/h/outputText.html

https://docs.oracle.com/javaee/6/javaserverfaces/2.1/docs/vdldocs/facelets/f/selectItem.html

https://docs.oracle.com/javaee/6/javaserverfaces/2.1/docs/vdldocs/facelets/f/selectItems.html


Spring

https://docs.spring.io/spring/docs/1.2.x/taglib/tag/HtmlEscapeTag.html

https://docs.spring.io/spring/docs/1.1.5/taglib/tag/EscapeBodyTag.html



=== on 14 Aug 2019, 17:24:19 Pierre-Loup Tristant wrote:
Jinja2


https://jinja.palletsprojects.com/en/2.9.x/templates/#autoescape-overrides

https://jinja.palletsprojects.com/en/2.9.x/templates/#safe

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]