hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

adjust comment about slash position

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-08-13 11:33:31 +02:00
parent dc6943b739
commit 3fb9c28806
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/test/query-tests/Security/CWE-020/tst-IncompleteUrlSubstringSanitization.js
View File

@@ -69,7 +69,7 @@
doSomeThingWithTrustedURL(x);
}
x.startsWith("https://secure.com/foo/bar"); // OK - the trailing slash makes prefix checks safe.
x.startsWith("https://secure.com/foo/bar"); // OK - a forward slash after the domain makes prefix checks safe.
x.indexOf("https://secure.com/foo/bar") >= 0 // NOT OK - the url can be anywhere in the string.
x.indexOf("https://secure.com") >= 0 // NOT OK
});