TokoBapak / mock-shipping-provider

Mock shipping provider
Apache License 2.0

chore: update ci #16

Closed aldy505 closed 4 months ago

github-actions[bot] commented 4 months ago

Here are the results of the Semgrep scan:

┌─────────────────┐
│ 6 Code Findings │
└─────────────────┘

    presentation/estimate.go
    ❯❱ go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter
          Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping
          that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and  
          render data using 'template.Execute()'.                                                           
          Details: https://sg.run/EkbA                                                                      

           28┆ w.Write(responseBody)
            ⋮┆----------------------------------------
           61┆ w.Write(responseBody)
            ⋮┆----------------------------------------
           92┆ w.Write(responseBody)

    presentation/order.go
    ❯❱ go.lang.security.audit.xss.no-direct-write-to-responsewriter.no-direct-write-to-responsewriter
          Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping
          that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and  
          render data using 'template.Execute()'.                                                           
          Details: https://sg.run/EkbA                                                                      

           28┆ w.Write(responseBody)
            ⋮┆----------------------------------------
           84┆ w.Write(responseBody)
            ⋮┆----------------------------------------
          106┆ w.Write(responseBody)