Path: devsecops-sandbox/workflow_generator/resource_generator.py
Line: environment = Environment(loader=FileSystemLoader("workflow_generator/"))
Message: Detected direct use of jinja2. If not done properly, this may bypass HTML escaping which opens up the application to cross-site scripting (XSS) vulnerabilities. Prefer using the Flask method 'render_template()' and templates with a '.html' extension in order to prevent XSS.
CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References: ['https://jinja.palletsprojects.com/en/2.11.x/api/#basics']