
Injection: Frontend Template Injection

Identifier: improper_input_frontend_template_injection

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Frontend template injection (client-side template injection) vulnerabilities occur when user-supplied data is embedded in a template that a client-side template engine evaluates without proper validation, allowing attackers to inject template expressions that are then executed in the victim's browser.

How we test: We inject template injection payloads into frontend request parameters and analyze the responses to detect whether the template code is executed. We cover several template injection techniques across different template engines and check whether user input is properly sanitized before template processing.
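The distinction this test probes, shown with a constructed mini template engine (added example, not the scanner's own code): the engine, the delimiter list and the render functions below are assumptions made for illustration, and the engine evaluates "{{ expr }}" naively the way early client-side engines did.

```javascript
// Added example (not the scanner's code): a constructed mini template engine
// that evaluates "{{ expr }}" against a data object. It shows why the
// sanitization check matters: user input spliced into template SOURCE becomes
// code, while the same input passed as DATA to a precompiled template stays text.

const PLACEHOLDER = /\{\{\s*([^{}]+?)\s*\}\}/g;

function escapeHtml(s) {
  return s.replace(/[&<>"]/g, c => ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;" }[c]));
}

// Constructed engine: compiles template source into a render function. The
// expression evaluation is deliberately naive so the failure mode is visible;
// it is a teaching stand-in, not something to reuse.
function compile(source) {
  const chunks = [];
  let last = 0;
  for (const m of source.matchAll(PLACEHOLDER)) {
    chunks.push({ text: source.slice(last, m.index) });
    chunks.push({ expr: new Function("d", `with (d) { return (${m[1]}); }`) });
    last = m.index + m[0].length;
  }
  chunks.push({ text: source.slice(last) });
  return data => chunks
    .map(c => (c.text !== undefined ? c.text : escapeHtml(String(c.expr(data)))))
    .join("");
}

// VULNERABLE pattern: the request parameter is concatenated into the template
// source, so any "{{ }}" it carries is compiled and executed.
function renderGreetingUnsafe(userName) {
  return compile("<p>Hello " + userName + "</p>")({});
}

// HARDENED pattern: the template is a developer-owned constant compiled once;
// user input only ever arrives through the data object and is emitted as text.
// (The output must not be handed to a second engine that re-scans the DOM.)
const GREETING = compile("<p>Hello {{ name }}</p>");
function renderGreetingSafe(userName) {
  return GREETING({ name: userName });
}

// Pre-processing check from the description above: report which template
// delimiters a parameter carries before it reaches any template step, so the
// request can be rejected or logged. The delimiter list is illustrative.
const DELIMITERS = ["{{", "}}", "{%", "%}", "${", "<%", "%>", "#{", "[[", "]]"];
function findTemplateSyntax(input) {
  return DELIMITERS.filter(d => input.includes(d));
}
```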

Configuration

Example

Example configuration:

---
security_tests:
  improper_input_frontend_template_injection:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.