hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: whitelist $(location) in simple cases

Browse Source
This commit is contained in:
Asger F
2018-12-18 13:01:22 +00:00
parent c17eca90a1
commit 02978c97f1
4 changed files with 3 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/semmle/javascript/security/dataflow/DomBasedXss.qll
View File

@@ -91,7 +91,8 @@ module DomBasedXss {
isPrefixOfJQueryHtmlString(astNode, prefix) and
strval = prefix.asExpr().getStringValue() and
not strval.regexpMatch("\\s*<.*")
)
) and
not isDocumentURL(astNode)
)
or
// call to an Angular method that interprets its argument as HTML