hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Added test case which is not flagged but should be abusing new RegExp with global flag

Browse Source
This commit is contained in:
Napalys
2024-11-26 09:18:51 +01:00
parent d6372aebc7
commit 41f21d429b
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js
View File

@@ -327,4 +327,8 @@ function incompleteComplexSanitizers() {
if (str === "\"")
return """;
}) + '"';
}
}
function typicalBadHtmlSanitizers(s) {
s().replace(new RegExp("[<>]", "g"),''); // NOT OK -- should be not okay, but is not flagged
}