Unsanitized user input in raw HTML strings (XSS)

Rule ID: ruby_rails_render_using_user_input
Languages: ruby
Source: render_using_user_input.yml

Description

Including unsanitized user input in HTML responses can lead to cross-site scripting (XSS) attacks. This vulnerability exposes your application to malicious scripts injected by attackers, compromising user data and browser security.

Remediations

Do not include unsanitized user input directly in HTML responses. This practice makes your application vulnerable to XSS attacks.
```
render html: "<h1>#{params[:title]}</h1>"
```
Do sanitize user input before including it in an HTML response to prevent XSS attacks.
```
render html: "<h1>#{strip_tags(params[:title])}</h1>"
```

References

OWASP Cross-Site Scripting (XSS) Cheatsheet

Associated CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OWASP Top 10

A03:2021 - Injection

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=ruby_rails_render_using_user_input

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=ruby_rails_render_using_user_input