hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: preserve document.url label out of .href property

Browse Source
This commit is contained in:
Asger F
2018-10-10 17:05:39 +01:00
parent ea297dd442
commit 03b479114f
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/src/semmle/javascript/security/dataflow/ClientSideUrlRedirect.qll
View File

@@ -65,6 +65,11 @@ module ClientSideUrlRedirect {
queryAccess(pred, succ) and
f instanceof DocumentUrl and
g = DataFlow::FlowLabel::taint()
or
// preserve document.url label in step from `location` to `location.href`
f instanceof DocumentUrl and
g instanceof DocumentUrl and
succ.(DataFlow::PropRead).accesses(pred, "href")
}
}