Alert on html_safe (!7) · Merge requests · GitLab.com / GitLab Security Department / Product Security Department / Application Security / SAST Custom Rules

Dominic Couture requested to merge dcouture-html-safe into main May 17, 2023

This is still pretty noisy and currently finds more than 200 html_safe usage in the code base with all (I hope? 🤞) of them possibly being safe.

I think adding all of this to the vulnerability report would be noisy so I'd need to change the CI config on the other side as well. TODO! (EDIT: gitlab-org/gitlab!125754 (merged))

Related to #16

Edited Jul 07, 2023 by Dominic Couture

Alert on html_safe

Merge request reports