hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update comment to remove explotable text

Browse Source 
This change updates a comment to point to the source of an exploit rather than pasting the proof-of-concept text in the comment itself.
This commit is contained in:
Andrew Eisenberg
2021-11-19 08:21:45 -08:00
committed by GitHub
parent 344f7bca5b
commit 5f1a8a0ac1
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll
View File

@@ -648,8 +648,8 @@ module ExceptionXss {
* Such an error can contain property names from the input if the * Such an error can contain property names from the input if the
* underlying schema uses `additionalProperties` or `propertyPatterns`. * underlying schema uses `additionalProperties` or `propertyPatterns`.
* *
* For example, an input of form `{"<img src=x onerror=alert(1)>": 45}` might produce the error * See [RAD SecFlow-1v SF_0290_2.3.01.26 - Persistent Cross-Site Scripting](https://www.exploit-db.com/exploits/48807)
* `data/<img src=x onerror=alert(1)> should be string`. * for a proof of concept form that this exploit might take.
*/ */
private class JsonSchemaValidationError extends Source { private class JsonSchemaValidationError extends Source {
JsonSchemaValidationError() { JsonSchemaValidationError() {