hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #268 from sjvs/fix-javascript-example

Browse Source 
JavaScript: fix two examples based on LGTM.com alerts
This commit is contained in:
Max Schaefer
2018-10-03 08:16:19 +01:00
committed by GitHub
parent d44761eaca c4eb6f0056
commit 09aa04bf00
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/Security/CWE-079/examples/StoredXss.js
View File

@@ -6,7 +6,7 @@ express().get('/list-directory', function(req, res) {
var list = '<ul>';
fileNames.forEach(fileName => {
// BAD: `fileName` can contain HTML elements
list += '<li>' + fileName '</li>';
list += '<li>' + fileName + '</li>';
});
list += '</ul>'
res.send(list);

2
javascript/ql/src/Security/CWE-079/examples/StoredXssGood.js
View File

@@ -7,7 +7,7 @@ express().get('/list-directory', function(req, res) {
var list = '<ul>';
fileNames.forEach(fileName => {
// GOOD: escaped `fileName` can not contain HTML elements
list += '<li>' + escape(fileName) '</li>';
list += '<li>' + escape(fileName) + '</li>';
});
list += '</ul>'
res.send(list);