hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

recognize barrier guard where the result is stored in a variable

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-05-27 20:25:43 +02:00
parent 562a38cdd5
commit 1a2db10a90
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
javascript/ql/test/query-tests/Security/CWE-079/ReflectedXssGood.js
View File

@@ -68,3 +68,20 @@ app.get('/user/:id', function(req, res) {
res.send(escapeHtml1(url)); // OK
});
const matchHtmlRegExp = /["'&<>]/;
function escapeHtml2 (string) {
const str = '' + string;
const match = matchHtmlRegExp.exec(str);
if (!match) {
return str;
}
}
app.get('/user/:id', function(req, res) {
const url = req.params.id;
res.send(escapeHtml2(url)); // OK
});