- Query (
go/html-template-escaping-bypass-xss) has been promoted to the main query suite. This query finds potential cross-site scripting (XSS) vulnerabilities when using thehtml/templatepackage, caused by user input being cast to a type which bypasses the HTML autoescaping. It was originally contributed to the experimental query pack by @gagliardetto in github/codeql-go#493.