JS: Added test case which is not flagged but should be abusing new RegExp with global flag
@@ -327,4 +327,8 @@ function incompleteComplexSanitizers() {
|
||||
if (str === "\"")
|
||||
return """;
|
||||
}) + '"';
|
||||
}
|
||||
}
|
||||
|
||||
function typicalBadHtmlSanitizers(s) {
|
||||
s().replace(new RegExp("[<>]", "g"),''); // NOT OK -- should be not okay, but is not flagged
|
||||
}
|
||||
|
||||
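Review bot: The new test body `s().replace(new RegExp("[<>]", "g"),'');` discards the result of the replace call, so the false negative it records may be attributable to the sanitized value never flowing anywhere rather than to the `new RegExp(..., "g")` constructor form the commit title describes. Returning the value, `return s().replace(new RegExp("[<>]", "g"), '');`, would isolate the intended case; whether the query needs the result to flow onward is not visible in this hunk. The trailing comment `// NOT OK -- should be not okay, but is not flagged` reads as a note to self; something like `// NOT OK -- known false negative: RegExp constructor with "g" flag` keeps the expected-result marker and states why the case is interesting.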