Hello Python developers,
We are proud to announce the availability of a rule detecting reflected XSS (Cross-Site Scripting) vulnerabilities in your Python code. This rule analyzes your Flask and Django controllers and determines whether any user-tainted data (query parameters, form fields, headers, and so on) can reach the template engine layer (Jinja2 or the Django Template Language, DTL) or the HTTP response body, where the XSS can be exploited.
Here is an example of a detection on a Flask application:
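The screenshot that illustrates the detection is not reproduced here. As an added illustration, which is not SonarSource's implementation of the rule, the following standard-library-only script models what such a rule does: it marks Flask `request.args`/`request.form` (and Django `request.GET`/`request.POST`) as taint sources, propagates taint through assignments, string building and method calls, treats `escape()` and file-based template rendering as safe boundaries, and reports any tainted value that is returned as the response body or handed raw to `render_template_string`, `Markup`, `HttpResponse` and the like. The `SAMPLE_VIEWS` string and its view names are constructed for this example; the Flask and Django code is only parsed with `ast`, never executed, so neither framework needs to be installed.

```python
import ast
from typing import List, Set, Tuple

# Request attributes that carry user-controlled input (taint sources).
# Flask: request.args/form/values/cookies/headers/data; Django: request.GET/POST.
REQUEST_SOURCES = {"args", "form", "values", "cookies", "headers", "data", "GET", "POST"}
# Calls whose result is NOT raw HTML built from their arguments: file-based templates
# (autoescaped by default), JSON and redirects, plus markupsafe's escape(). A real rule
# also reads the template files to spot |safe and {% autoescape false %}, which is why
# the .html files must be in scope; this toy simply trusts them.
SAFE_BOUNDARIES = {"render_template", "render", "jsonify", "redirect", "escape"}


def _callee(node: ast.Call) -> str:
    """Bare callee name: escape(...) -> 'escape', markupsafe.escape(...) -> 'escape'."""
    if isinstance(node.func, ast.Name):
        return node.func.id
    if isinstance(node.func, ast.Attribute):
        return node.func.attr
    return ""


def is_tainted(node: ast.AST, tainted: Set[str]) -> bool:
    """Conservatively decide whether an expression may carry user-controlled data."""
    if isinstance(node, ast.Constant):
        return False
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.Attribute):
        if isinstance(node.value, ast.Name) and node.value.id == "request" and node.attr in REQUEST_SOURCES:
            return True
        return is_tainted(node.value, tainted)
    if isinstance(node, ast.Call):
        if _callee(node) in SAFE_BOUNDARIES:
            return False
        # Method calls (request.args.get(...), s.format(...)) inherit the receiver's taint.
        if isinstance(node.func, ast.Attribute) and is_tainted(node.func.value, tainted):
            return True
        return any(is_tainted(a, tainted) for a in node.args) or any(
            is_tainted(k.value, tainted) for k in node.keywords
        )
    # f-strings, concatenation, %-formatting, subscripts: tainted if any operand is.
    return any(is_tainted(child, tainted) for child in ast.iter_child_nodes(node))


def _scan(stmts, tainted: Set[str], view: str, findings: List[Tuple[str, int, str]]) -> None:
    for stmt in stmts:
        if isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            continue  # nested definitions are analysed on their own
        if isinstance(stmt, ast.Assign) and len(stmt.targets) == 1 and isinstance(stmt.targets[0], ast.Name):
            name = stmt.targets[0].id
            if is_tainted(stmt.value, tainted):
                tainted.add(name)
            else:
                tainted.discard(name)  # reassignment with clean data clears the taint
        elif isinstance(stmt, ast.Return) and stmt.value is not None and is_tainted(stmt.value, tainted):
            # A tainted string returned from a view becomes the text/html body; a tainted
            # argument to render_template_string/Markup/HttpResponse reaches the engine raw.
            sink = _callee(stmt.value) if isinstance(stmt.value, ast.Call) else "response body"
            findings.append((view, stmt.lineno, sink))
        else:
            # Descend into if/for/while/with/try bodies; taint is merged across branches.
            for field in ("body", "orelse", "finalbody"):
                _scan(getattr(stmt, field, []), tainted, view, findings)


def find_reflected_xss(source: str) -> List[Tuple[str, int, str]]:
    """Report (view function, line, sink) for every tainted value that reaches an HTML response."""
    findings: List[Tuple[str, int, str]] = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.FunctionDef):
            _scan(node.body, set(), node.name, findings)
    return findings


# Constructed sample views (not real application code) for the analyser to inspect.
SAMPLE_VIEWS = '''
from flask import Flask, request, render_template, render_template_string
from markupsafe import escape

app = Flask(__name__)

@app.route("/search")
def search():
    q = request.args.get("q", "")
    return render_template_string("<h1>Results for " + q + "</h1>")  # tainted -> Jinja2

@app.route("/hello")
def hello():
    return f"Hello {request.args.get('name')}"  # Flask serves this as text/html

@app.route("/safe-search")
def safe_search():
    q = request.args.get("q", "")
    return render_template("search.html", q=q)  # autoescaped context variable

@app.route("/safe-hello")
def safe_hello():
    name = escape(request.args.get("name", ""))
    return f"Hello {name}"
'''

if __name__ == "__main__":
    for view, line, sink in find_reflected_xss(SAMPLE_VIEWS):
        print(f"line {line}: user input from request reaches {sink} in view {view}()")
```

Run as a script it reports the `search` and `hello` views only. `safe_search` passes solely because the toy trusts `search.html` to autoescape its context variables; that trust is exactly what the real rule verifies by reading the template, which is why the templates have to be part of the analysis scope.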
If you want to fully benefit from this new detection, the template files (.html files) must be part of the scope of the analysis, so that the rule can see how the tainted values are rendered in the templates. Configure the scope like this:
sonar.sources=path_to_your_python_files_dir, path_to_your_template_dir
sonar.inclusions=**/*.py,**/*.html