Rule Definition
This could lead to a potential Cross Site Scripting (XSS) vulnerability. Using a XSS vulnerability, an attacker could inject malicious JavaScript and execute any action JavaScript could do. Examples include: - Stealing authentication material (e.g. cookies, JWT tokens) - Exfiltrate sensitive information by reading the DOM - Keylog entries on the website (e.g. fake login form) Whether this is exploitable or not depends on a few conditions: - Is an executable mimetype set? (e.g. text/html) - Is the content served inline or as attachment? (Content-Disposition) - Is the output properly sanitized? (e.g. stripping all HTML tags or having an allowlist of allowed characters)

Remediation
Sanitize user-input by using functions such as htmlentities with the ENT_QUOTES flag or use an allowlist. Set all cookies to HTTPOnly. Consider using Content Security Policy (CSP), to limit the risk of XSS vulnerabilities.

Violation Code Sample

<?php

$name = $_GET["name"];

printName($name);

function printName(string $name) {
    echo $name;      // VIOLATION
}

Fixed Code Sample

<?php

$name = $_GET["name"];
$escaped_name = htmlentities($name, ENT_QUOTES);  // ESCAPE STRING

printName($escaped_name);   

function printName(string $name) {
    echo $name;                                   // FIXED
}

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') https://cwe.mitre.org/data/definitions/79.html OWASP Wiki for Cross Site Scripting (XSS) https://owasp.org/www-community/attacks/xss/ Content-Security-Policy - Web Fundamentals https://web.dev/csp/