hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

add more attributes potentially vulnerable to xss-through-dom

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-04-20 11:48:33 +02:00
parent 12f4ce8111
commit 73b0aa4004
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/semmle/javascript/security/dataflow/XssThroughDom.qll
View File

@@ -44,7 +44,8 @@ module XssThroughDom {
bindingset[result]
string unsafeAttributeName() {
result.regexpMatch("data-.*") or
result = ["name", "value"]
result.regexpMatch("aria-.*") or
result = ["name", "value", "title", "alt"]
}
/**