I am writing the backend of an application using Express in Node.js. Checkmarx highlights this issue: Improper Neutralization of Input During Web Page Generation.
The line of code highlighted:
const token = req.params.company2tftoken;
What can I do to fix this? Any article will also work.
Here’s a quick intro to what Reflected XSS is and what harm this vulnerability can do to your Node app.
const querystring = require('querystring'); // Node.js built-in module
const token = querystring.escape(req.params.company2tftoken);
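
An added example, not part of the original question or answer: it validates the route parameter against an allowlist pattern, then encodes it for the context it is written into (percent-encoding for a URL, entity-encoding for HTML). The token format, the `/verify` path and the function names are assumptions made for illustration, and the handler returns an object instead of writing to `res` so it runs without Express.

```javascript
// Added example. Uses only Node.js built-ins; names below are hypothetical.
const querystring = require('querystring');

// Assumption: tokens are 16-64 characters from the URL-safe base64 alphabet.
// Replace with the real format of company2tftoken.
const TOKEN_PATTERN = /^[A-Za-z0-9_-]{16,64}$/;

function isValidToken(token) {
  return typeof token === 'string' && TOKEN_PATTERN.test(token);
}

// Entity-encode a value before placing it in element content or a quoted attribute.
function escapeHtml(value) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Stand-in for the body of an Express handler that receives
// req.params.company2tftoken (Express has already URL-decoded it).
function handleTokenRequest(rawToken) {
  if (!isValidToken(rawToken)) {
    // Reject early and never echo the rejected value back to the client.
    return { status: 400, body: 'Invalid token' };
  }
  // URL context: percent-encode the value that goes into the query string.
  const link = '/verify?token=' + querystring.escape(rawToken);
  // HTML context: entity-encode everything that is written into markup,
  // including the URL that lands inside the href attribute.
  const body = '<p>Token: ' + escapeHtml(rawToken) + '</p>' +
               '<a href="' + escapeHtml(link) + '">Verify</a>';
  return { status: 200, body };
}

// Constructed sample inputs.
const hostile = '<script>alert(1)</script>';
const wellFormed = 'abcDEF0123456789_-xy';

console.log(handleTokenRequest(hostile));
console.log(handleTokenRequest(wellFormed));
console.log('URL-encoded :', querystring.escape(hostile));
console.log('HTML-encoded:', escapeHtml(hostile));
```

In a real route the returned object maps to `res.status(result.status).send(result.body)`.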