Critiq Docs


security.output-encoding

Sanitize request data before unescaped template output in Rust

Tera, Maud, and similar engines should not insert request-sourced strings into contexts or `PreEscaped`/`raw` sinks without sanitization.

# Metadata

Rule ID: rust.security.template-unescaped-request-value
Severity: high
Confidence: 0.74
Languages: rust
Presets: security, strict
Stability: experimental
Applies to: block
Tags: rules-catalog, rust, security, templates, xss

# Why it matters

Template `safe`/raw sinks disable escaping; feeding values taken from path, query, form, or JSON extractors into them is a direct XSS vector, because whatever the request contained lands in the page as markup.

# Remediation

Escape output (or sanitize it with a vetted policy such as `ammonia::clean`), keep auto-escaping on, and avoid `PreEscaped`/`Markup::raw` for untrusted strings.
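The following is an added, self-contained example (not Critiq's code and not taken from Maud, Tera or Ammonia) of the pattern this rule flags and its hardened form. Because it runs without any crates, the engine's raw sink and its auto-escaper are modelled by a hypothetical `PreEscaped` wrapper and a minimal `html_escape` function that covers the same five characters Maud and Tera escape by default; in real code you would keep the engine's auto-escaping on or use `ammonia::clean` rather than this stand-in. The request value is constructed for the demonstration.

```rust
// Added example (not Critiq's or any crate's code): a minimal model of the
// escaped vs. raw template sink that the rule distinguishes. The escaper below
// is a stand-in for the engine's auto-escaping; production code should rely on
// Maud/Tera escaping or a vetted sanitizer such as `ammonia::clean`.

/// HTML-escape the five characters that matter in text and attribute contexts.
pub fn html_escape(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#39;"),
            _ => out.push(c),
        }
    }
    out
}

/// Hypothetical stand-in for `maud::PreEscaped` / Tera's `| safe` filter:
/// marks a string as "already safe markup", so the renderer will not escape it.
pub struct PreEscaped(pub String);

/// A value placed into the template: either plain text (escaped on output)
/// or markup that bypasses escaping exactly as the engines' raw sinks do.
pub enum Fragment {
    Escaped(String),
    Raw(PreEscaped),
}

/// Renders a search-results heading. The only difference between the two arms
/// is whether the escaper runs.
pub fn render_results(query: Fragment) -> String {
    let q = match query {
        Fragment::Escaped(s) => html_escape(&s),
        Fragment::Raw(p) => p.0, // no escaping: request content becomes markup
    };
    format!("<h1>Results for {}</h1>", q)
}

/// BEFORE: the pattern the rule reports. A query-string value is wrapped in
/// the raw sink, so the engine never escapes it.
pub fn vulnerable(query_param: &str) -> String {
    render_results(Fragment::Raw(PreEscaped(query_param.to_string())))
}

/// AFTER: request data stays a plain string and is escaped at output time.
pub fn hardened(query_param: &str) -> String {
    render_results(Fragment::Escaped(query_param.to_string()))
}

/// Regression check a test suite can run over rendered pages: a request value
/// that contained a tag must not appear verbatim in the output.
pub fn contains_markup_from(rendered: &str, request_value: &str) -> bool {
    request_value.contains('<') && rendered.contains(request_value)
}

fn main() {
    // Constructed request value (not from a real request) that contains markup.
    let q = "<script>alert(1)</script>";
    println!("raw sink:     {}", vulnerable(q));
    println!("escaped sink: {}", hardened(q));
}
```

`contains_markup_from` is the kind of cheap assertion worth adding to handler tests: it fails whenever a raw sink lets a request-derived tag through, regardless of which template engine is in use.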

# Repository path

The generated metadata points to `critiq-rules/libs/rules/catalog/rules/rust/rust.security.template-unescaped-request-value.rule.yaml`.