mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 12:05:52 +00:00
Update the description message of template rule (#803)
This commit is contained in:
parent
0791d31471
commit
89dfdc0c97
1 changed files with 1 additions and 1 deletions
|
@ -54,7 +54,7 @@ func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
|
||||||
ID: id,
|
ID: id,
|
||||||
Severity: gosec.Medium,
|
Severity: gosec.Medium,
|
||||||
Confidence: gosec.Low,
|
Confidence: gosec.Low,
|
||||||
What: "this method will not auto-escape HTML. Verify data is well formed.",
|
What: "The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input.",
|
||||||
},
|
},
|
||||||
}, []ast.Node{(*ast.CallExpr)(nil)}
|
}, []ast.Node{(*ast.CallExpr)(nil)}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue