hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

allow the empty string to flow to a JQuery XSS sink

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-04-23 16:36:20 +02:00
parent 96896fd7f5
commit 448ed150df
3 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
javascript/ql/src/semmle/javascript/security/dataflow/Xss.qll
View File

@@ -80,6 +80,7 @@ module DomBasedXss {
not exists(DataFlow::Node prefix, string strval |
isPrefixOfJQueryHtmlString(this, prefix) and
strval = prefix.getStringValue() and
not strval = "" and
not strval.regexpMatch("\\s*<.*")
) and
not DOM::locationRef().flowsTo(this)