CVE-2021-3988: jQuery HTML XSS From Input

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | JS
greprules fetch cve-2021-3988-jquery-html-xss-from-input --engine opengrep

Description

User-provided input read from an input element with `.val()` is passed directly to `.html()`, which parses it as HTML. This can lead to Cross-Site Scripting (XSS). Use `.text()` instead to avoid rendering raw HTML.
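
A simplified sketch of the source-to-sink check described above, as an added example (not the published rule and not code from the affected project): it flags `.html()` calls whose argument is a `.val()` result, either directly or through a variable. The sample source, the element ids and the name `findValToHtml` are constructed for illustration.

```javascript
// Added example: a line-based sketch of the check, not the published rule.
// SAMPLE is constructed; element ids and variable names are hypothetical.
const SAMPLE = [
  "const name = $('#name').val();",
  "$('#greeting').html(name);",                 // flagged: tainted variable
  "$('#preview').html($('#comment').val());",  // flagged: direct .val()
  "$('#safe').text($('#comment').val());",     // ok: .text() does not parse HTML
  "$('#static').html('<b>Saved</b>');",        // ok: constant markup
  "let title = $('#title').val();",
  "title = 'Untitled';",                        // reassigned to a constant
  "$('#heading').html(title);",                 // ok: no longer tainted
].join('\n');

function findValToHtml(source) {
  const tainted = new Set(); // variables currently holding a .val() result
  const findings = [];
  source.split('\n').forEach((line, i) => {
    // Sink: .html(<arg>) where <arg> is a .val() call or a tainted name.
    const sink = line.match(/\.html\(\s*(.+)\)\s*;?\s*$/);
    if (sink) {
      const arg = sink[1].trim();
      if (/\.val\(\s*\)/.test(arg)) {
        findings.push({ line: i + 1, reason: 'direct .val()' });
      } else if (tainted.has(arg)) {
        findings.push({ line: i + 1, reason: `tainted variable ${arg}` });
      }
    }
    // Source: [const|let|var] name = <expr>; taint follows the last assignment.
    const assign = line.match(
      /^\s*(?:const|let|var)?\s*([A-Za-z_$][\w$]*)\s*=\s*(.+?);?\s*$/);
    if (assign) {
      const [, name, expr] = assign;
      if (/\.val\(\s*\)\s*$/.test(expr)) tainted.add(name);
      else tainted.delete(name);
    }
  });
  return findings;
}

console.log(findValToHtml(SAMPLE));
```

Line-based matching like this misses multi-line expressions and values passed through function calls, which is why the check is normally run by a rule engine working on the parsed syntax tree.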