hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

all split()[0] are safe for url-redirect

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-05-07 10:55:17 +02:00
parent a3fb13882b
commit 945fe45b6f
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/tst11.js
View File

@@ -3,4 +3,7 @@ function foo() {
var urlParts = document.location.href.split('?');
var loc = urlParts[0] + "?" + boxes.value;
window.location = loc
// Also OK.
window.location.replace(window.location.href.split("#")[0] + "#mappage");
}