MetaCredo.Check.Security.InlineJavascript (MetaCredo v0.1.0)

Detects inline executable code in templates/strings (XSS/injection risk).

Identifies patterns where inline JavaScript handlers (onclick, onerror), script tags, dangerouslySetInnerHTML, or similar dangerous patterns appear in string literals. Prefer CSP-compliant external scripts or phx-* bindings in Phoenix.
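
As an added illustration (not code from MetaCredo), the module below puts the kind of string literal described above next to a `phx-*` equivalent. The module, function, assign and event names are hypothetical, it assumes a Phoenix LiveView project, and the check's exact matching rules are not shown on this page.

```elixir
defmodule DemoWeb.ItemLive do
  # Constructed example: every name here is hypothetical.
  use Phoenix.LiveView

  # Style the check description refers to: an inline handler in a string literal.
  # The interpolated id ends up inside JavaScript, where HTML escaping alone is
  # not sufficient, and a CSP without 'unsafe-inline' blocks the handler anyway.
  def legacy_button(id) do
    "<button onclick=\"deleteItem('#{id}')\">Delete</button>"
  end

  # Preferred style: no script in markup. phx-click names a server-side event
  # and phx-value-id carries the data as an HTML-escaped attribute value.
  def render(assigns) do
    ~H"""
    <button :for={item <- @items} phx-click="delete" phx-value-id={item.id}>
      Delete
    </button>
    """
  end

  def mount(_params, _session, socket) do
    # Constructed sample data.
    {:ok, assign(socket, items: [%{id: 1}, %{id: 2}])}
  end

  # The event arrives as data; nothing sent by the client is evaluated as code.
  def handle_event("delete", %{"id" => id}, socket) do
    items = Enum.reject(socket.assigns.items, &(to_string(&1.id) == id))
    {:noreply, assign(socket, items: items)}
  end
end
```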

Category: Security / Priority: high