apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/dynamic_fixtures/rust/xss_negative.rs
Eli Peter 991c84a1eb
Dynamic (#77)
2026-06-05 10:16:30 -05:00

16 lines
616 B
Rust
Raw Permalink Blame History

/// XSS — negative fixture.
///
/// Safe function: HTML-escapes user input before embedding in output.
/// Expected verdict: NotConfirmed (XSS payload is escaped; no raw script tag in output).
/// Cap: HTML_ESCAPE Entry: `run(payload: &str)`
pub fn run(payload: &str) {
// Safe: escape all HTML special characters before rendering.
let escaped = payload
.replace('&', "&")
.replace('<', "&lt;")
.replace('>', "&gt;")
.replace('"', "&quot;")
.replace('\'', "&#x27;");
let html = format!("<div class='comment'>{}</div>", escaped);
println!("{}", html);
}
Reference in a new issue View git blame Copy permalink