hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

add the html argument to the jQuery functions as an XSS sink

Browse Source
This commit is contained in:
erik-krogh
2023-03-03 11:09:53 +01:00
parent 94870b838f
commit a6c9af4182
3 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected
View File

@@ -157,6 +157,8 @@ nodes
| xss-through-dom.js:140:19:140:21 | src |
| xss-through-dom.js:141:25:141:27 | src |
| xss-through-dom.js:141:25:141:27 | src |
| xss-through-dom.js:150:24:150:26 | src |
| xss-through-dom.js:150:24:150:26 | src |
edges
| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
@@ -257,6 +259,8 @@ edges
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src |
| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src |
| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src |
| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src |
#select
@@ -302,3 +306,4 @@ edges
| xss-through-dom.js:132:16:132:23 | linkText | xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:132:16:132:23 | linkText | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:130:42:130:62 | dSelect ... tring() | DOM text |
| xss-through-dom.js:140:19:140:21 | src | xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:140:19:140:21 | src | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:139:17:139:52 | documen ... k").src | DOM text |
| xss-through-dom.js:141:25:141:27 | src | xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:141:25:141:27 | src | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:139:17:139:52 | documen ... k").src | DOM text |
| xss-through-dom.js:150:24:150:26 | src | xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:150:24:150:26 | src | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:139:17:139:52 | documen ... k").src | DOM text |

2
javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/xss-through-dom.js
View File

@@ -147,5 +147,5 @@ const cashDom = require("cash-dom");
};
cashDom("#id").html(DOMPurify ? DOMPurify.sanitize(src) : src); // OK
$("<a />", { html: src }).appendTo("#id"); // NOT OK - but not flagged [INCONSISTENCY]
$("<a />", { html: src }).appendTo("#id"); // NOT OK
})();