"""XSS — positive fixture.
Vulnerable function: echoes user input directly into HTML without escaping.
Expected verdict: Confirmed (XSS payload echoed verbatim to output).
"""
def render_comment(user_input):
    """Intentionally vulnerable fixture: render ``user_input`` inside a comment ``<div>``.

    The value is interpolated verbatim — no ``html.escape`` or other
    sanitisation — which is exactly the condition the scanner under test is
    expected to report. The resulting markup is written to stdout with
    ``print``; the function returns ``None``.
    """
    # str.format with an empty spec is equivalent to the f-string form and,
    # by design of this fixture, performs no escaping of the input.
    markup = "<div class='comment'>{}</div>".format(user_input)
    print(markup)