hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 15:22:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix test

Browse Source
This commit is contained in:
Slavomir
2021-03-08 19:19:21 +01:00
committed by Chris Smowton
parent 7b4a748793
commit 0bb5ef6af2
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.go Executable file → Normal file
View File

@@ -71,13 +71,13 @@ func bad(req *http.Request) {
func good(req *http.Request) {
tmpl, _ := template.New("test").Parse(`Hello, {{.}}\n`)
{ // This will be escaped, so it shoud NOT be caught:
var escaped = source(`<a href="example.com">link</a>`)
var escaped = req.UserAgent()
checkError(tmpl.Execute(os.Stdout, escaped))
}
{
// The converted source value does NOT flow to tmpl.Exec,
// so this should NOT be caught.
src := source(`<a href='example.com'>link</a>`)
src := req.UserAgent()
converted := template.HTML(src)
_ = converted
checkError(tmpl.Execute(os.Stdout, src))