From 793e9486e793c15142aa3a04d27ea9c96b5bbdd4 Mon Sep 17 00:00:00 2001
From: Anand Tiwari <anandtiwarics@gmail.com>
Date: Thu, 25 Nov 2021 08:30:08 +0530
Subject: [PATCH] removed safe from auto escape html due to security concern

---
 templates/networkscanners/scans/vuln_details.html | 6 +++---
 templates/pentest/manual_vuln_data.html           | 2 +-
 templates/staticscanners/scans/vuln_details.html  | 6 +++---
 templates/webscanners/scans/vuln_details.html     | 6 +++---
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/templates/networkscanners/scans/vuln_details.html b/templates/networkscanners/scans/vuln_details.html
index 1b0a460f..be36b1ac 100644
--- a/templates/networkscanners/scans/vuln_details.html
+++ b/templates/networkscanners/scans/vuln_details.html
@@ -31,7 +31,7 @@ <h5 class="mb-0">
                             <div id="collapseOne" class="collapse show" aria-labelledby="headingOne"
                                  data-parent="#accordionExample">
                                 <div class="card-body">
-                                    {{ data.description | safe }}
+                                    {{ data.description }}
 
                                 </div>
                             </div>
@@ -73,7 +73,7 @@ <h5 class="mb-0">
                             <div id="collapseThree" class="collapse" aria-labelledby="headingThree"
                                  data-parent="#accordionExample">
                                 <div class="card-body">
-                                    {{ data.solution | safe }}
+                                    {{ data.solution }}
                                 </div>
                             </div>
                         </div>
@@ -90,7 +90,7 @@ <h5 class="mb-0">
                             <div id="collapseFour" class="collapse" aria-labelledby="headingFour"
                                  data-parent="#accordionExample">
                                 <div class="card-body">
-                                    <a href="{{ data.references | safe }}">{{ data.references | safe }}</a>
+                                    <a href="{{ data.references }}">{{ data.references }}</a>
                                 </div>
                             </div>
                         </div>
diff --git a/templates/pentest/manual_vuln_data.html b/templates/pentest/manual_vuln_data.html
index d06cd428..e146ed13 100644
--- a/templates/pentest/manual_vuln_data.html
+++ b/templates/pentest/manual_vuln_data.html
@@ -76,7 +76,7 @@ <h5 class="mb-0">
                             <div id="collapse4" class="collapse" aria-labelledby="heading4"
                                  data-parent="#accordionExample">
                                 <div class="card-body">
-                                    {{ data.reference | safe }}
+                                    {{ data.reference }}
                                 </div>
                             </div>
                         </div>
diff --git a/templates/staticscanners/scans/vuln_details.html b/templates/staticscanners/scans/vuln_details.html
index 01002695..01e524c0 100644
--- a/templates/staticscanners/scans/vuln_details.html
+++ b/templates/staticscanners/scans/vuln_details.html
@@ -31,7 +31,7 @@ <h5 class="mb-0">
                             <div id="collapseOne" class="collapse show" aria-labelledby="headingOne"
                                  data-parent="#accordionExample">
                                 <div class="card-body">
-                                    {{ data.description | safe }}
+                                    {{ data.description }}
 
                                 </div>
                             </div>
@@ -68,7 +68,7 @@ <h5 class="mb-0">
                             <div id="collapseThree" class="collapse" aria-labelledby="headingThree"
                                  data-parent="#accordionExample">
                                 <div class="card-body">
-                                    <a href="{{ data.solution | safe }}">{{ data.solution | safe }}</a>
+                                    <a href="{{ data.solution }}">{{ data.solution }}</a>
                                 </div>
                             </div>
                         </div>
@@ -85,7 +85,7 @@ <h5 class="mb-0">
                             <div id="collapseFour" class="collapse" aria-labelledby="headingFour"
                                  data-parent="#accordionExample">
                                 <div class="card-body">
-                                    <a href="{{ data.references | safe }}">{{ data.references | safe }}</a>
+                                    <a href="{{ data.references }}">{{ data.references }}</a>
                                 </div>
                             </div>
                         </div>
diff --git a/templates/webscanners/scans/vuln_details.html b/templates/webscanners/scans/vuln_details.html
index ef75bb5d..f705d219 100644
--- a/templates/webscanners/scans/vuln_details.html
+++ b/templates/webscanners/scans/vuln_details.html
@@ -36,7 +36,7 @@ <h5 class="mb-0">
                             <div id="collapseOne" class="collapse show" aria-labelledby="headingOne"
                                  data-parent="#accordionExample">
                                 <div class="card-body">
-                                    {{ data.description | safe }}
+                                    {{ data.description | striptags }}
                                 </div>
                             </div>
                         </div>
@@ -126,7 +126,7 @@ <h5 class="mb-0">
                             <div id="collapseThree" class="collapse" aria-labelledby="headingThree"
                                  data-parent="#accordionExample">
                                 <div class="card-body">
-                                    {{ data.solution | safe }}
+                                    {{ data.solution | striptags }}
                                 </div>
                             </div>
                         </div>
@@ -143,7 +143,7 @@ <h5 class="mb-0">
                             <div id="collapse4" class="collapse" aria-labelledby="heading4"
                                  data-parent="#accordionExample">
                                 <div class="card-body">
-                                    {{ data.reference | safe }}
+                                    {{ data.reference }}
                                 </div>
                             </div>
                         </div>