mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-09 19:45:13 +02:00
12 lines
323 B
Python
12 lines
323 B
Python
|
"""XSS — positive fixture.
|
||
|
|
|
||
|
|
Vulnerable function: echoes user input directly into HTML without escaping.
|
||
|
|
Expected verdict: Confirmed (XSS payload echoed verbatim to output).
|
||
|
|
"""
|
||
|
|
|
||
|
|
|
||
|
|
def render_comment(user_input):
|
||
|
|
"""Vulnerable: no HTML escaping."""
|
||
|
|
html = f"<div class='comment'>{user_input}</div>"
|
||
|
|
print(html)
|