hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Add new tests for recognising receiver of event handler as DOM element.

Browse Source
This commit is contained in:
Max Schaefer
2021-02-24 17:21:44 +00:00
parent a4d7bfbb2b
commit ae2a5da63f
6 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.expected
View File

@@ -0,0 +1 @@
| query-tests/Security/CWE-079/DomBasedXss/event-handler-receiver.js:2 | expected an alert, but found none | NOT OK | |

3
javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/event-handler-receiver.js Normal file
View File

@@ -0,0 +1,3 @@
document.getElementById('my-id').onclick = function() {
this.parentNode.innerHTML = '<h2><a href="' + location.href + '">A link</a></h2>'; // NOT OK
};