routes/ex.js
rule:javascript.express.security.audit.xss.direct-response-write.direct-response-write: Detected directly writing to a Response object. This bypasses any HTML escaping and may expose your app to a cross-site scripting (XSS) vulnerability. Instead, use 'resp.render()' to render safely escaped HTML. Details: https://sg.run/vzGl
29:      res.send( arr.join() );
--------------------------------------------------------------------------------
48:                      res.send( text );
ran 79 rules on 106 files: 2 findings