security.output-encoding

Avoid ad hoc HTML sanitization

Hand-rolled HTML escaping and sanitization should be replaced with vetted sanitizers or safe rendering paths.

#Metadata

#Why it matters

String replacement chains miss edge cases and are easy to bypass as rendering behavior evolves.

#Remediation

Use a vetted sanitizer or framework-native escaping model instead of string replacement chains.
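The failure mode and the remediation above, as an added example that is not part of the rule's own code: a replacement chain written for element text leaves characters that matter in attribute contexts, while handing the value to the DOM as data needs no escaping at all. The names `adHocEscape`, `rawSignificantChars`, `renderAsData`, `TextSink` and the sample string are constructed for illustration.

```typescript
// Added example: the ad hoc pattern this rule targets, and why it fails.
// All names and the sample input below are constructed for illustration.

type HtmlContext = "elementText" | "doubleQuotedAttr" | "singleQuotedAttr";

// Characters that must not reach each context unescaped.
const SIGNIFICANT: Record<HtmlContext, string[]> = {
  elementText: ["<", "&"],
  doubleQuotedAttr: ['"', "&"],
  singleQuotedAttr: ["'", "&"],
};

// The anti-pattern: a replacement chain written with one context in mind.
function adHocEscape(input: string): string {
  return input.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Report which significant characters survive raw in the given context.
// Known entities are removed first so their leading "&" is not counted.
function rawSignificantChars(output: string, context: HtmlContext): string[] {
  const withoutEntities = output.replace(/&(lt|gt|amp|quot|#39);/g, "");
  return SIGNIFICANT[context].filter((ch) => withoutEntities.indexOf(ch) !== -1);
}

// Safe rendering path: hand the value to the DOM as data, never as markup.
// The structural type matches a browser Element, so no escaping is needed.
interface TextSink {
  textContent: string | null;
  setAttribute(name: string, value: string): void;
}

function renderAsData(el: TextSink, label: string, title: string): void {
  el.textContent = label;          // treated as text, not parsed as HTML
  el.setAttribute("title", title); // stored as an attribute value, not parsed
}

// Constructed sample: a display name containing quotes and an ampersand.
const SAMPLE = `Tom "T&J" O'Neil <admin>`;
const ESCAPED = adHocEscape(SAMPLE);
```

Where the input must remain HTML rather than text, the same call site should go through a vetted sanitizer instead of `adHocEscape`.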

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.manual-html-sanitization.rule.yaml.