[Bug] XssTemplateSniff does not detect some use cases #65

lenaorobei · 2019-03-19T20:57:26Z

Preconditions

Create fixture with following code:

<?= /* @noEscape */ json_encode($config) ?>

Steps to reproduce

Run Magento2 Coding Standard against this code.

Expected result

No issues detected.
/* @noEscape */ is allowed.
https://devdocs.magento.com/guides/v2.3/frontend-dev-guide/templates/template-security.html

Actual result

WARNING | Unescaped output detected.

The text was updated successfully, but these errors were encountered:

…oding-standard-271 [Imported] Increased version to 10

lenaorobei added bug Something isn't working accepted New rule is accepted labels Mar 19, 2019

lenaorobei self-assigned this Mar 20, 2019

lenaorobei mentioned this issue Mar 20, 2019

XssTemplateSniff does not detect some use cases #66

Merged

lenaorobei closed this as completed in #66 Mar 20, 2019

magento-devops-reposync-svc pushed a commit that referenced this issue Sep 14, 2021

Merge pull request #65 from magento-commerce/imported-svera-magento-c…

ec62c5c

…oding-standard-271 [Imported] Increased version to 10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] XssTemplateSniff does not detect some use cases #65

[Bug] XssTemplateSniff does not detect some use cases #65

lenaorobei commented Mar 19, 2019

[Bug] XssTemplateSniff does not detect some use cases #65

[Bug] XssTemplateSniff does not detect some use cases #65

Comments

lenaorobei commented Mar 19, 2019

Preconditions

Steps to reproduce

Expected result

Actual result