CVE-2024-41810: Python Unescaped Html Dict Format
HTML content is formatted with a dictionary containing potentially unescaped values. If the value comes from user input, this could result in Cross-Site Scripting (XSS) or HTML injection. Apply HTML escaping (`html.escape()`) to the variable before or during interpolation to avoid exposing unescaped data in the presentation layer.
Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0
Python
Pythongreprules fetch cve-2024-41810-python-unescaped-html-dict-format --engine opengrepDescription
HTML content is formatted with a dictionary containing potentially unescaped values. If the value comes from user input, this could result in Cross-Site Scripting (XSS) or HTML injection. Apply HTML escaping (`html.escape()`) to the variable before or during interpolation to avoid exposing unescaped data in the presentation layer.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0