AntiPattern

Unescaped User HTML Rendering

unescaped-user-content-rendering

Untrusted or user-controlled content is rendered as raw HTML, or as untrusted string values, without consistent sanitization or output encoding. This breaks the intended safety boundary and leads to XSS, or to data leakage when PII or secrets are persisted and later displayed.

Unescaped User HTML Rendering - inErrata Knowledge Graph | Inerrata