Welcome to WuJiGu Developer Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


0 votes
756 views
in Technique [Technology] by (71.8m points)

Checkmarx scan throws errors in jQuery manipulation methods

Checkmarx scan reports errors in jQuery methods like append(), html() and text().

Actual error: The application's methodname (in my code) embeds untrusted data in the generated output with append at filename. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.

Checkmarx version: 9.3.0.1139, jQuery version: 3.5.1

This error did not occur in the previous Checkmarx version 8.9.0.210 HF14.


He who fights dragons for too long becomes a dragon himself; gaze into the abyss for too long, and the abyss will gaze back…
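Added example, not part of the original question and not Checkmarx or jQuery code: one way to apply the encoding the finding refers to before a string reaches `append()` or `html()`, with every interpolated value HTML-encoded and link targets limited to http/https. The helper names `encodeHtml`, `safeUrl`, `html` and `renderComment` and the sample comment are assumptions constructed for illustration.

```javascript
// Added example. Helper names are hypothetical, not jQuery or Checkmarx APIs.
const ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode a value for HTML element content and quoted attribute values.
function encodeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => ENTITIES[ch]);
}

// Entity encoding does not neutralise a script-bearing URL scheme, so link
// targets are checked against an allow-list; anything else becomes "#".
// The base URL only lets relative links parse; it is never emitted.
function safeUrl(value) {
  try {
    const url = new URL(String(value), 'https://example.invalid/');
    return ['http:', 'https:'].includes(url.protocol) ? String(value) : '#';
  } catch {
    return '#';
  }
}

// Tagged template: the literal markup passes through unchanged and every
// interpolated value is encoded, so data cannot introduce new elements.
function html(strings, ...values) {
  return strings.reduce((out, part, i) => out + encodeHtml(values[i - 1]) + part);
}

function renderComment(comment) {
  return html`<li><a href="${safeUrl(comment.link)}">${comment.author}</a>: ${comment.body}</li>`;
}

// Constructed sample input standing in for untrusted data.
const sample = {
  author: 'Eve <b>',
  link: 'javascript:alert(1)',
  body: '<img src=x onerror=alert(1)>',
};

// In the browser the result would be handed to the sink the scan flagged:
//   $('#comments').append(renderComment(sample));
// For plain strings, $(el).text(value) inserts the value as text, not markup.
console.log(renderComment(sample));
```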

1 Answer

0 votes
by (71.8m points)
Waiting for an expert to reply
