mirror of
https://github.com/github/codeql.git
synced 2026-05-02 20:25:13 +02:00
updated tests to consider document.getSelection()
This commit is contained in:
bananabr
@@ -139,12 +139,17 @@ nodes
|
||||
| xss-through-dom.js:122:53:122:67 | ev.target.files |
|
||||
| xss-through-dom.js:122:53:122:67 | ev.target.files |
|
||||
| xss-through-dom.js:122:53:122:70 | ev.target.files[0] |
|
||||
| xss-through-dom.js:129:6:129:42 | linkText |
|
||||
| xss-through-dom.js:129:17:129:36 | selection.toString() |
|
||||
| xss-through-dom.js:129:17:129:36 | selection.toString() |
|
||||
| xss-through-dom.js:129:17:129:42 | selecti ... ) \|\| '' |
|
||||
| xss-through-dom.js:130:19:130:26 | linkText |
|
||||
| xss-through-dom.js:130:19:130:26 | linkText |
|
||||
| xss-through-dom.js:130:6:130:68 | linkText |
|
||||
| xss-through-dom.js:130:17:130:37 | wSelect ... tring() |
|
||||
| xss-through-dom.js:130:17:130:37 | wSelect ... tring() |
|
||||
| xss-through-dom.js:130:17:130:62 | wSelect ... tring() |
|
||||
| xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' |
|
||||
| xss-through-dom.js:130:42:130:62 | dSelect ... tring() |
|
||||
| xss-through-dom.js:130:42:130:62 | dSelect ... tring() |
|
||||
| xss-through-dom.js:131:19:131:26 | linkText |
|
||||
| xss-through-dom.js:131:19:131:26 | linkText |
|
||||
| xss-through-dom.js:132:16:132:23 | linkText |
|
||||
| xss-through-dom.js:132:16:132:23 | linkText |
|
||||
edges
|
||||
| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
|
||||
| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
|
||||
@@ -231,11 +236,16 @@ edges
|
||||
| xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] |
|
||||
| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) |
|
||||
| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) |
|
||||
| xss-through-dom.js:129:6:129:42 | linkText | xss-through-dom.js:130:19:130:26 | linkText |
|
||||
| xss-through-dom.js:129:6:129:42 | linkText | xss-through-dom.js:130:19:130:26 | linkText |
|
||||
| xss-through-dom.js:129:17:129:36 | selection.toString() | xss-through-dom.js:129:17:129:42 | selecti ... ) \|\| '' |
|
||||
| xss-through-dom.js:129:17:129:36 | selection.toString() | xss-through-dom.js:129:17:129:42 | selecti ... ) \|\| '' |
|
||||
| xss-through-dom.js:129:17:129:42 | selecti ... ) \|\| '' | xss-through-dom.js:129:6:129:42 | linkText |
|
||||
| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText |
|
||||
| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText |
|
||||
| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText |
|
||||
| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText |
|
||||
| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() |
|
||||
| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() |
|
||||
| xss-through-dom.js:130:17:130:62 | wSelect ... tring() | xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' |
|
||||
| xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' | xss-through-dom.js:130:6:130:68 | linkText |
|
||||
| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() |
|
||||
| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() |
|
||||
#select
|
||||
| forms.js:9:31:9:40 | values.foo | forms.js:8:23:8:28 | values | forms.js:9:31:9:40 | values.foo | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:8:23:8:28 | values | DOM text |
|
||||
| forms.js:12:31:12:40 | values.bar | forms.js:11:24:11:29 | values | forms.js:12:31:12:40 | values.bar | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:11:24:11:29 | values | DOM text |
|
||||
@@ -273,4 +283,7 @@ edges
|
||||
| xss-through-dom.js:115:16:115:18 | src | xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:115:16:115:18 | src | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:114:17:114:52 | documen ... k").src | DOM text |
|
||||
| xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:120:23:120:37 | ev.target.files | DOM text |
|
||||
| xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:122:53:122:67 | ev.target.files | DOM text |
|
||||
| xss-through-dom.js:130:19:130:26 | linkText | xss-through-dom.js:129:17:129:36 | selection.toString() | xss-through-dom.js:130:19:130:26 | linkText | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:129:17:129:36 | selection.toString() | DOM text |
|
||||
| xss-through-dom.js:131:19:131:26 | linkText | xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:131:19:131:26 | linkText | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:130:17:130:37 | wSelect ... tring() | DOM text |
|
||||
| xss-through-dom.js:131:19:131:26 | linkText | xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:131:19:131:26 | linkText | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:130:42:130:62 | dSelect ... tring() | DOM text |
|
||||
| xss-through-dom.js:132:16:132:23 | linkText | xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:132:16:132:23 | linkText | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:130:17:130:37 | wSelect ... tring() | DOM text |
|
||||
| xss-through-dom.js:132:16:132:23 | linkText | xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:132:16:132:23 | linkText | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:130:42:130:62 | dSelect ... tring() | DOM text |
|
||||
|
||||
@@ -125,8 +125,10 @@ class Sub extends Super {
|
||||
|
||||
(function () {
|
||||
let elem = document.createElement('a');
|
||||
const selection = getSelection();
|
||||
let linkText = selection.toString() || '';
|
||||
const wSelection = getSelection();
|
||||
const dSelection = document.getSelection();
|
||||
let linkText = wSelection.toString() || dSelection.toString() || '';
|
||||
elem.innerHTML = linkText; // NOT OK
|
||||
$("#id").html(linkText); // NOT OK
|
||||
elem.innerText = linkText; // OK
|
||||
})();
|
||||
Reference in New Issue
Block a user