# Injection: HTML Injection

Identifier: `html_injection`
## Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
## Description

HTML injection occurs when an application renders user-supplied input into a page without sanitizing or encoding it, allowing an attacker to insert HTML or JavaScript that can alter page behavior, steal sensitive information, or hijack user sessions.

How we test: We inject HTML payloads into input fields and analyze the responses to detect whether the HTML is reflected unencoded and would be rendered by the browser. We check that the application sanitizes or encodes user input before displaying it, which is what prevents HTML injection.
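The check described above, as an added illustration in Python (this is example code, not the scanner's own implementation): a vulnerable renderer that concatenates input into markup, a denylist "sanitizer" that only strips `<script>` blocks, and a hardened renderer that HTML-encodes the input. The `classify_reflection` helper mirrors the response analysis: it sends a benign, constructed marker tag through a renderer and reports whether the tag came back verbatim (injectable), encoded (safe), or not at all. All function names and the probe value are assumptions made for this example.

```python
import html
import re
from typing import Callable

# Constructed, benign marker: a harmless tag with a unique token so that we can
# recognise our own input in the response without relying on any real attack payload.
PROBE = "<b>probe-7f3a</b>"


def render_greeting_unsafe(name: str) -> str:
    """Vulnerable: user input is concatenated straight into the HTML response."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_denylist(name: str) -> str:
    """Weak mitigation: strips <script> blocks only; every other tag is still rendered."""
    cleaned = re.sub(r"(?is)<script\b.*?>.*?</script>", "", name)
    return f"<p>Hello, {cleaned}!</p>"


def render_greeting_safe(name: str) -> str:
    """Hardened: HTML-encode the input so any markup becomes literal text."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def classify_reflection(response_body: str, probe: str = PROBE) -> str:
    """Classify how the probe was reflected in a response body.

    Returns:
      "unencoded" - the probe tag appears verbatim, so the browser would render it (injectable)
      "encoded"   - the probe appears only in its HTML-encoded form (safe)
      "absent"    - the probe is not reflected at all
    """
    if probe in response_body:
        return "unencoded"
    if html.escape(probe, quote=True) in response_body:
        return "encoded"
    return "absent"


def scan_renderer(render: Callable[[str], str], probe: str = PROBE) -> str:
    """Run the probe through a renderer and classify the result, as a scanner would."""
    return classify_reflection(render(probe), probe)


if __name__ == "__main__":
    for name, fn in [("unsafe", render_greeting_unsafe),
                     ("denylist", render_greeting_denylist),
                     ("safe", render_greeting_safe)]:
        print(f"{name:9s} -> {scan_renderer(fn)}")
```

Only the encoding renderer is classified as safe; the denylist variant still reflects the marker tag unencoded, which is why the check looks for any reflected markup rather than for one specific tag.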
References:
## Configuration

### Example

Example configuration:
### Reference

#### skip

Type: `boolean`

Skip the test if true.