hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5391 from erik-krogh/additionalXss

Browse Source 
Approved by asgerf
This commit is contained in:
CodeQL CI
2021-03-15 04:50:54 -07:00
committed by GitHub
parent e37ba75599 d7b0f628a1
commit a9c292e265
3 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/semmle/javascript/heuristics/AdditionalSources.qll
View File

@@ -44,7 +44,8 @@ class RemoteServerResponse extends HeuristicSource, RemoteFlowSource {
// exclude URLs to the current host
r.getUrl().mayHaveStringValue(url) and
protocolPattern = "(?[a-z+]{3,10}:)" and
not url.regexpMatch(protocolPattern + "?//.*")
not url.regexpMatch(protocolPattern + "?//.*") and
not url.prefix(2) = ["{{", "{%"] // look like templating
)
)
}