This is a repo to track unsafe methods for different frameworks and JavaScript.
| Raw HTML | Disable Encoding | Notes |
|---|---|---|
| innerHTML | TBD | - eval() |
| - calling javascript: protocol directly |
| Raw HTML | Disable Encoding | Notes |
|---|---|---|
| innerHTML | TBD | TBD |
| bypassSecurityTrustHtml | ||
| Raw HTML | Disable Encoding | Notes |
|---|---|---|
| dangerouslySetInnerHTML | TBD | TBD |
| Raw HTML | Disable Encoding | SQL | Notes |
|---|---|---|---|
| TBD | safe | Manager.raw() | |
| is_safe | RawSQL | ||
| mark_safe | extra() |
| Raw HTML | Disable Encoding | SQL | Notes |
|---|---|---|---|
| TBD | noAutoescape | ||
| Raw HTML | Disable Encoding | SQL | Notes |
|---|---|---|---|
| TBD | TBD | ||