hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

JS: Accept an alert

Browse Source
This commit is contained in:
Asger F
2025-02-25 16:52:08 +01:00
parent 49274d5f73
commit 976096540f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/test/query-tests/Security/CWE-918/clientSide.js
View File

@@ -11,7 +11,7 @@ export function MyComponent() {
const query = window.location.search.substring(1);
request('https://example.com/api/' + query + '/id'); // $ Alert[js/client-side-request-forgery]
request('https://example.com/api?q=' + query);
request('https://example.com/api/' + window.location.search); // likely OK - but currently flagged anyway
request('https://example.com/api/' + window.location.search); // $ Alert[js/client-side-request-forgery] - likely OK - but currently flagged anyway
const fragment = window.location.hash.substring(1);
request('https://example.com/api/' + fragment + '/id'); // $ Alert[js/client-side-request-forgery]