JS: address doc-review comments

Esben Sparre Andreasen
2020-01-30 13:41:51 +01:00
parent c70997febf
commit 7f25c1bf47
2 changed files with 10 additions and 9 deletions

@@ -28,7 +28,7 @@
| Regular expression always matches (`js/regex/always-matches`) | correctness, regular-expressions | Highlights regular expression checks that trivially succeed by matching an empty substring. Results are shown on LGTM by default. |
| Missing await (`js/missing-await`) | correctness | Highlights expressions that operate directly on a promise object in a nonsensical way, instead of awaiting its result. Results are shown on LGTM by default. |
| Prototype pollution in utility function (`js/prototype-pollution-utility`) | security, external/cwe/cwe-400, external/cwe/cwe-471 | Highlights recursive copying operations that are susceptible to prototype pollution. Results are shown on LGTM by default. |
| Unsafe jQuery plugin (`js/unsafe-jquery-plugin`) | Highlights potential XSS vulnerabilities in unsafely designed jQuery plugins. |
| Unsafe jQuery plugin (`js/unsafe-jquery-plugin`) | Highlights potential XSS vulnerabilities in unsafely designed jQuery plugins. Results are shown on LGTM by default. |
## Changes to existing queries
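Review bot: the new `Unsafe jQuery plugin` row is still missing its tags cell, so the table has three columns everywhere except this row. The other rows read `| name | tags | description |`; the added line should follow suit, for example `| Unsafe jQuery plugin (\`js/unsafe-jquery-plugin\`) | security, external/cwe/cwe-079 | Highlights potential XSS vulnerabilities in unsafely designed jQuery plugins. Results are shown on LGTM by default. |`, using whatever CWE tags the query's metadata actually declares.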

@@ -10,13 +10,14 @@
configurable through options provided by the clients of the
plugin.
Clients, however, do not know the implementation details of the
plugin, so it is important to document the capabilities of each
option. Of particular importance is the documentation for the plugin
options that the client is responsible for sanitizing.
Clients, however, do not know the implementation details
of the plugin, so it is important to document the capabilities of each
option. The documentation for the plugin options that the client is
responsible for sanitizing is of particular importance.
Otherwise, the plugin may write user input (for example, a URL query
parameter) to a web page without properly sanitizing the input first,
parameter) to a web page without properly sanitizing it first,
which allows for a cross-site scripting vulnerability in the client
application through dynamic HTML construction.
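Review bot: after the rewrite, "Otherwise, the plugin may write user input ..." now directly follows "The documentation for the plugin options that the client is responsible for sanitizing is of particular importance.", so "Otherwise" reads as the negation of the documentation being important rather than of the client sanitizing the input. Consider spelling the condition out, e.g. "If such an option is not documented, clients may pass unsanitized user input (for example, a URL query parameter), which the plugin then writes to a web page ...".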
@@ -36,8 +37,8 @@
<example>
<p>
The following example shows a jQuery plugin that selects a DOM
element, and copies its text content another DOM element. The
The following example shows a jQuery plugin that selects a
DOM element, and copies its text content to another DOM element. The
selection is performed by using the plugin option
<code>sourceSelector</code> as a CSS selector.
@@ -47,7 +48,7 @@
<p>
This is however not a safe plugin, since the call to
This is, however, not a safe plugin, since the call to
<code>jQuery</code> interprets <code>sourceSelector</code> as HTML if
it is a string that starts with <code>&lt;</code>.