rename and move getAPropertyNameInterpretedAsJavaScriptUrl
@@ -491,4 +491,11 @@ module DOM {
|
||||
or
|
||||
result.hasUnderlyingType("Document")
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if a value assigned to property `name` of a DOM node can be interpreted as JavaScript via the `javascript:` protocol.
|
||||
*/
|
||||
string getAPropertyNameInterpretedAsJavaScriptUrl() {
|
||||
result = ["action", "formaction", "href", "src", "data"]
|
||||
}
|
||||
}
|
||||
|
||||
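Review bot: The doc comment on `getAPropertyNameInterpretedAsJavaScriptUrl` was copied unchanged from the old predicate and still reads `Holds if ... property `name``, but the predicate has no `name` parameter and returns a string. A result-style comment would match the signature, for example `Gets the name of a DOM property whose assigned value can be interpreted as JavaScript via the javascript: protocol.` Since the predicate is now public in `DOM`, the comment could also say that the list is a fixed set of lowercase names, so callers know matching is exact and case-sensitive.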
@@ -172,7 +172,9 @@ module ClientSideUrlRedirect {
|
||||
*/
|
||||
class ReactAttributeWriteUrlSink extends ScriptUrlSink {
|
||||
ReactAttributeWriteUrlSink() {
|
||||
exists(JSXAttribute attr | attr.getName() = propertyNameIsInterpretedAsJavaScriptUrl() |
|
||||
exists(JSXAttribute attr |
|
||||
attr.getName() = DOM::getAPropertyNameInterpretedAsJavaScriptUrl()
|
||||
|
|
||||
this = attr.getValue().flow()
|
||||
)
|
||||
}
|
||||
|
||||
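Review bot: The comparison `attr.getName() = DOM::getAPropertyNameInterpretedAsJavaScriptUrl()` is an exact string match against lowercase DOM names, so a JSX attribute written in React's camelCase form, `formAction`, would presumably not be recognised as a `ScriptUrlSink` here. If no other sink covers that spelling, matching on `attr.getName().toLowerCase()` would close the gap without changing the shared list. A short comment on the constructor saying which spelling is expected would also help. The class's doc comment and closing brace lie outside this hunk.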
@@ -122,17 +122,10 @@ class DomPropWriteNode extends Assignment {
|
||||
* Holds if the assigned value is interpreted as JavaScript via javascript: protocol.
|
||||
*/
|
||||
predicate interpretsValueAsJavaScriptUrl() {
|
||||
lhs.getPropertyName() = propertyNameIsInterpretedAsJavaScriptUrl()
|
||||
lhs.getPropertyName() = DOM::getAPropertyNameInterpretedAsJavaScriptUrl()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if a value assigned to property `name` of a DOM node can be interpreted as JavaScript via the `javascript:` protocol.
|
||||
*/
|
||||
string propertyNameIsInterpretedAsJavaScriptUrl() {
|
||||
result = ["action", "formaction", "href", "src", "data"]
|
||||
}
|
||||
|
||||
/**
|
||||
* A value written to web storage, like `localStorage` or `sessionStorage`.
|
||||
*/
|
||||
|
||||