nyx/tests/dynamic_fixtures/go/xss_negative.go

// XSS — negative fixture.
// Safe: uses html.EscapeString before output.
// Entry: RenderPage(userInput string)  Cap: HTML_ESCAPE
// Expected verdict: NotConfirmed

package entry

import (
	"fmt"
	"html"
)

func RenderPage(userInput string) {
	safe := html.EscapeString(userInput)
	fmt.Print("<html><body>" + safe + "</body></html>\n")
}
[pitboss] phase 05: M5 — JS/TS, Go, Java, PHP harness emitters 2026-05-12 02:20:55 -04:00			`// XSS — negative fixture.`
			`// Safe: uses html.EscapeString before output.`
			`// Entry: RenderPage(userInput string) Cap: HTML_ESCAPE`
			`// Expected verdict: NotConfirmed`

			`package entry`

			`import (`
			`"fmt"`
			`"html"`
			`)`

			`func RenderPage(userInput string) {`
			`safe := html.EscapeString(userInput)`
			`fmt.Print("<html><body>" + safe + "</body></html>\n")`
			`}`