From 89dfdc0c972655dfaa4eec7a115742a28e0bc216 Mon Sep 17 00:00:00 2001
From: Cosmin Cojocar
Date: Tue, 5 Apr 2022 07:41:36 +0200
Subject: [PATCH] Update the description message of template rule (#803)
---
 rules/templates.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/templates.go b/rules/templates.go
index b9e7bb7..1eec7fb 100644
--- a/rules/templates.go
+++ b/rules/templates.go
@@ -54,7 +54,7 @@ func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 ID: id,
 Severity: gosec.Medium,
 Confidence: gosec.Low,
- What: "this method will not auto-escape HTML. Verify data is well formed.",
+ What: "The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input.",
 },
 }, []ast.Node{(*ast.CallExpr)(nil)}
 }
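Review bot: The new `What` text names the risk but drops the only actionable hint the old message carried ("Verify data is well formed"), so a finding no longer tells the developer what to do about it. Consider closing the string with a remediation clause, for example `... in case the attacker controls the input. Escape or sanitize the data before it reaches the template.` The opening "The used method" also reads awkwardly; "This method" is tighter. NewTemplateCheck's body starts above the hunk, so whether any tests or documentation match on the old string cannot be confirmed from here.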