pimolo / mmitv

Home Page: http://188.166.59.140/admin/

[Insight] Website should be protected against XSS Vulnerability - in src/AppBundle/…/Admin/main/video.html.twig, line 12

pimolo opened this issue · comments

in src/AppBundle/Resources/views/Admin/main/video.html.twig, line 12

Using the |raw filter or the {% autoescape false %} block in a Twig template exposes users to Cross-Site Scripting (XSS) attacks

    {% include 'AppBundle:Admin:main/left-menu.html.twig' %}
    {% for video in videos %}
        <p>Titre : {{ video.title }}</p><p>Durée : {{ video.duration|date('m:s') }}</p><p>Auteur : {{ video.author }}</p><p>Code embed : {{ video.embedCode|raw }}</p>
    {% endfor %}
    {% endblock %}

Posted from SensioLabsInsight
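
One way to keep the embed feature without passing stored HTML through `|raw`, as an added example that is not code from this repository: a PHP helper that accepts only a single iframe on an allowlisted host and rebuilds it from validated parts. The function name `safeEmbed`, the host allowlist and the path pattern are assumptions.

```php
<?php
// Added example: not code from the mmitv repository.
// Assumptions (hypothetical): an embed code is a single <iframe>; the host
// allowlist and path pattern below cover the providers the site accepts.
const ALLOWED_EMBED_HOSTS = ['www.youtube.com', 'player.vimeo.com'];
const ALLOWED_EMBED_PATH = '#^/(embed|video)/[A-Za-z0-9_-]+\z#';

/**
 * Return a minimal, rebuilt <iframe> for a stored embed code, or '' when the
 * code is not exactly one iframe pointing at an allowlisted HTTPS player URL.
 */
function safeEmbed(string $embedCode): string
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // tolerate malformed markup
    $loaded = $doc->loadHTML(
        '<?xml encoding="utf-8"?><div>' . $embedCode . '</div>',
        LIBXML_NONET
    );
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$loaded) {
        return '';
    }

    $iframes = $doc->getElementsByTagName('iframe');
    if ($iframes->length !== 1) {
        return '';
    }

    $parts = parse_url($iframes->item(0)->getAttribute('src'));
    if (!is_array($parts)
        || strtolower($parts['scheme'] ?? '') !== 'https'
        || isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])
        || !in_array(strtolower($parts['host'] ?? ''), ALLOWED_EMBED_HOSTS, true)
        || !preg_match(ALLOWED_EMBED_PATH, $parts['path'] ?? '')
    ) {
        return '';
    }

    // Rebuild the URL from validated components; attributes, query string,
    // sibling tags and scripts in the stored value never reach the output.
    $src = 'https://' . strtolower($parts['host']) . $parts['path'];
    return sprintf(
        '<iframe src="%s" width="560" height="315" allowfullscreen></iframe>',
        htmlspecialchars($src, ENT_QUOTES, 'UTF-8')
    );
}
```

Exposed as a Twig filter with the `is_safe` option set to `['html']`, it can take the place of `|raw` on `video.embedCode`.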