// XSS — negative fixture.
// Safe: uses html.EscapeString before output.
// Entry: RenderPage(userInput string) Cap: HTML_ESCAPE
// Expected verdict: NotConfirmed
package entry
import (
"fmt"
"html"
)
// RenderPage writes a minimal HTML document to standard output with userInput
// placed as text inside the <body> element.
//
// The value goes through html.EscapeString before it is concatenated, so the
// five characters <, >, &, ' and " are emitted as entities and cannot open a
// tag or close a quoted attribute. That encoding matches the sink used here
// (element text). It is not sufficient for other output contexts such as a
// URL, a <script> block or an unquoted attribute value, which need their own
// encoders.
func RenderPage(userInput string) {
	// Sanitizer step: everything below this line only sees the escaped form.
	escaped := html.EscapeString(userInput)

	// Sink: the escaped text is the only dynamic part of the document.
	page := "<html><body>" + escaped + "</body></html>\n"
	fmt.Print(page)
}