feat: exclude hugo framework safeURL, safeHTML keyword from squirrell…

…y true positives Signed-off-by: sebastien.heurtematte <[email protected]>
ajinabraham · Apr 8, 2024 · a84fcd6 · a84fcd6
1 parent 40ff09e
commit a84fcd6
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/njsscan/rules/pattern_matcher/template_rules.yaml b/njsscan/rules/pattern_matcher/template_rules.yaml
@@ -69,7 +69,7 @@
   message: The Squirrelly.js template has an unescaped variable. Untrusted user input
     passed to this variable results in Cross Site Scripting (XSS)
   type: Regex
-  pattern: '{{.+\|.*safe.*}}'
+  pattern: '{{(?!.*(?:safeURL|safeHTML|safeCSS|safeJS|safeJSStr|safeHTMLAttr)).*\|.*safe.*}}'
   severity: ERROR
   input_case: exact
   metadata: