Mirror of https://github.com/microsoft/DevSkim.git
Review eval for Untrusted Data
Summary
Details
If untrusted data is included in an eval statement, it can allow an attacker to inject code into the application. Each usage of eval should be reviewed to ensure that no data generated outside of the application (from HTML requests, shared databases, etc.) can find its way into the eval statement.
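The following is an added illustration, not code from the DevSkim project or its guidance. It puts a config loader that hands external text to eval next to a hardened version that treats the same text strictly as data, and adds a small helper of the kind a reviewer might use to list every eval call in a source file for the manual review described above. All function names, the allowed-key schema and the sample source lines are constructed for this example.

```javascript
// Added example (not DevSkim's code): eval on untrusted text versus a data-only parser,
// plus a helper that lists eval() calls so each one can be reviewed by hand.

// UNSAFE PATTERN: `text` comes from outside the application (a query string, a shared
// database row, ...). eval treats it as JavaScript, so any expression in it runs with
// the page's privileges. Kept here only to contrast with the hardened version below.
function loadConfigUnsafe(text) {
  return eval('(' + text + ')');
}

// HARDENED: JSON.parse understands data, never code, and a simple schema check
// rejects anything that is not the expected shape. The schema is a constructed example.
const ALLOWED_CONFIG_KEYS = { theme: 'string', pageSize: 'number' };

function loadConfigSafe(text) {
  let parsed;
  try {
    parsed = JSON.parse(text);
  } catch (e) {
    throw new Error('config is not valid JSON');
  }
  if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
    throw new Error('config must be a JSON object');
  }
  for (const [key, value] of Object.entries(parsed)) {
    if (!(key in ALLOWED_CONFIG_KEYS)) {
      throw new Error('unexpected config key: ' + key);
    }
    if (typeof value !== ALLOWED_CONFIG_KEYS[key]) {
      throw new Error('wrong type for config key: ' + key);
    }
  }
  return parsed;
}

// Reviewer helper: every line containing an eval( call, with a flag telling whether the
// argument is a single string literal. A literal argument still deserves a look, but the
// non-literal ones are where outside data can reach eval.
function findEvalForReview(source) {
  const hits = [];
  const callPattern = /\beval\s*\(/;
  const literalArg = /^\s*(['"`])(?:\\.|(?!\1).)*\1\s*\)/;
  source.split('\n').forEach((line, idx) => {
    const m = callPattern.exec(line);
    if (m === null) return;
    const rest = line.slice(m.index + m[0].length);
    hits.push({
      line: idx + 1,
      text: line.trim(),
      literalArgument: literalArg.test(rest),
    });
  });
  return hits;
}

// Constructed source lines standing in for a file under review.
const SAMPLE_SOURCE = [
  "const cfg = eval('(' + location.search.slice(1) + ')');", // outside data reaches eval
  'const total = items.reduce((a, b) => a + b, 0);',         // no eval
  "const fixed = eval('1 + 1');",                            // literal argument
  'const n = window.evaluate(expr);',                        // not eval
].join('\n');

console.log(findEvalForReview(SAMPLE_SOURCE));
```

On the constructed sample, the helper reports lines 1 and 3; line 1 is the one that matters, because its argument is built from location.search. The hardened loader rejects the same eval-style text that loadConfigUnsafe would happily execute, which is the property to look for when replacing an eval call: the replacement should fail closed on anything that is not plain data.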
Severity Considerations
An XSS vulnerability allows an attacker to execute arbitrary JavaScript code within the victim's browser. The attacker's code may be able to access sensitive information retained by the victim's browser. XSS attacks can also rewrite page contents, redirect the victim's browser, and/or deliver malware to the victim's machine.