lang:

ERB

regex:

\.(html|before|after|append|prepend|appendTo|prependTo)\s*\(

description:

Dangerous jQuery methods (.html, .before, .after, .append, .prepend, .appendTo, .prependTo)

Each of these parses its argument as HTML, so any untrusted input that reaches it can execute JavaScript (DOM-based XSS). A bare getter call such as .html() with no argument also matches the regex but is not a sink. For untrusted strings use .text(), which sets a text node without parsing markup, or escape the value before it reaches the sink.
tags:
xss, jquery, javascript
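Added example (not part of the rule set or the page's own tooling): the rule's regex, copied verbatim, run over a constructed ERB template, followed by a triage pass that separates getter calls and h()-escaped ERB output from the hits a reviewer should look at first. The sample template, the `scan`/`triage` helpers and the triage heuristics are assumptions made for this illustration; the heuristic only recognises Rails' h() helper as escaping and only a few DOM sources, so it ranks hits rather than proving any of them safe.

```javascript
// The rule's regex, verbatim from the page.
const DANGEROUS_JQUERY = /\.(html|before|after|append|prepend|appendTo|prependTo)\s*\(/;

// Constructed sample ERB template (not from any real application).
const SAMPLE_ERB = `
<script>
  // Sink: server-side value interpolated straight into an HTML-parsing setter
  $('#greeting').html("Hello <%= params[:name] %>");
  // Sink: fragment built from a client-side source (the query string)
  $('#results').append('<li>' + location.search.slice(1) + '</li>');
  // Getter with no argument: nothing is parsed, but the regex still matches
  var current = $('#greeting').html();
  // Safe: a text node is set, markup in the value is not parsed
  $('#greeting').text("Hello <%= params[:name] %>");
  // Escaped by h(): still an HTML-parsing sink, so keep it in the review queue
  $('#bio').prepend("<%= h(@user.bio) %>");
</script>
`;

// One finding per source line that matches the rule.
function scan(source) {
  const findings = [];
  source.split('\n').forEach((text, idx) => {
    const m = DANGEROUS_JQUERY.exec(text);
    if (m) findings.push({ line: idx + 1, method: m[1], text: text.trim() });
  });
  return findings;
}

// Heuristic priority for a finding (assumption: h() is the only escaping
// helper recognised, and only a few DOM sources are listed).
//   getter        .html() etc. with an empty argument list, not a sink
//   erb-unescaped a <%= ... %> tag in the argument that is not wrapped in h()
//   dom-source    argument built from location / document.cookie / window.name
//   review        everything else (including h()-escaped ERB output)
function triage(finding) {
  const call = finding.text.slice(finding.text.indexOf('.' + finding.method));
  const argList = call.slice(call.indexOf('(') + 1);
  if (/^\s*\)/.test(argList)) return 'getter';
  const erbTags = [...argList.matchAll(/<%=\s*(.*?)\s*%>/g)].map(m => m[1]);
  if (erbTags.some(code => !/^h\(/.test(code))) return 'erb-unescaped';
  if (/location\.|document\.(cookie|URL|referrer)|window\.name/.test(argList)) return 'dom-source';
  return 'review';
}

// Scan and annotate every hit in one pass.
function scanAndTriage(source) {
  return scan(source).map(f => ({ ...f, priority: triage(f) }));
}

for (const f of scanAndTriage(SAMPLE_ERB)) {
  console.log(`${f.line}\t${f.method}\t${f.priority}\t${f.text}`);
}
```

The triage step is there to cut noise, not to clear findings: `.text()` is not in the regex because it is safe, but an `h()`-escaped value handed to `.prepend()` is still parsed as HTML and stays in the review queue.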