[Insight] Website should be protected against XSS Vulnerability - in src/AppBundle/…/Admin/main/video.html.twig, line 12
pimolo opened this issue
Rémi Andrieux commented
in src/AppBundle/Resources/views/Admin/main/video.html.twig, line 12

Using the `|raw` filter or the `{% autoescape false %}` block in a Twig template exposes users to Cross-Site Scripting (XSS) attacks.
```twig
{% include 'AppBundle:Admin:main/left-menu.html.twig' %}
{% for video in videos %}
    <p>Titre : {{ video.title }}</p>
    <p>Durée : {{ video.duration|date('m:s') }}</p>
    <p>Auteur : {{ video.author }}</p>
    <p>Code embed : {{ video.embedCode|raw }}</p>
{% endfor %}
{% endblock %}
```
Posted from SensioLabsInsight
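As an added example (not code from the project or from the SensioLabsInsight report), the PHP script below contrasts Twig's default autoescaping with the `|raw` filter flagged above, then shows one way to render a video embed without disabling escaping: store only an allowlisted provider and a validated id, and keep the iframe markup in the template. It assumes twig/twig is installed through Composer; the provider table, the `embedUrl()` helper and the sample values are constructed for this illustration.

```php
<?php
// Added example: contrast |raw with autoescaping and render an embed safely.
// Assumes twig/twig is available via Composer's autoloader.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;

$loader = new ArrayLoader([
    // Mirrors the flagged template: |raw emits whatever embedCode contains.
    'unsafe.html.twig'  => '<p>Code embed : {{ video.embedCode|raw }}</p>',
    // Autoescaping left on (Twig's default): the same value is HTML-encoded.
    'escaped.html.twig' => '<p>Code embed : {{ video.embedCode }}</p>',
    // Alternative: the iframe markup is fixed in the template and only a
    // server-validated URL is interpolated, escaped as an attribute value.
    'embed.html.twig'   => '<iframe src="{{ embedUrl|e(\'html_attr\') }}" allowfullscreen></iframe>',
]);
$twig = new Environment($loader, ['autoescape' => 'html']);

// Constructed sample: user-supplied embedCode that carries a script tag.
$video = ['embedCode' => '<script>alert("xss")</script>'];

// |raw: the script tag reaches the browser verbatim and is executed.
echo $twig->render('unsafe.html.twig', ['video' => $video]), PHP_EOL;
// Autoescaped: rendered as &lt;script&gt;...&lt;/script&gt;, shown as text.
echo $twig->render('escaped.html.twig', ['video' => $video]), PHP_EOL;

// Constructed allowlist: known providers and the id shape each accepts.
$providers = [
    'youtube' => ['pattern' => '/^[A-Za-z0-9_-]{11}$/', 'url' => 'https://www.youtube.com/embed/%s'],
    'vimeo'   => ['pattern' => '/^\d{6,12}$/',          'url' => 'https://player.vimeo.com/video/%s'],
];

// Hypothetical helper: build the embed URL only for an allowlisted provider
// and a well-formed id; anything else yields null and nothing is rendered.
function embedUrl(array $providers, string $provider, string $id): ?string
{
    if (!isset($providers[$provider]) || !preg_match($providers[$provider]['pattern'], $id)) {
        return null;
    }
    return sprintf($providers[$provider]['url'], $id);
}

// Constructed sample id (11 allowed characters), not a real video.
$url = embedUrl($providers, 'youtube', 'abcdefghijk');
if ($url !== null) {
    echo $twig->render('embed.html.twig', ['embedUrl' => $url]), PHP_EOL;
}
```

With this approach the stored `embedCode` column is replaced by a provider and an id, so no user-controlled HTML ever needs `|raw` to display.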