QL code and tests for C#/C++/JavaScript.

javascript/ql/test/library-tests/HTML/HTMLElementAndHTMLAttribute/HTMLAttribute.expected

@@ -0,0 +1,3 @@
+| tst.html:5:17:5:33 | src=external.js | tst.html:5:9:5:43 | <script>...</> | src | external.js |
+| tst.html:10:11:10:16 | ng-app= | tst.html:10:5:12:11 | <body>...</> | ng-app |  |
+| tst.html:11:12:11:49 | href=javascript:void(alert('Nope!')) | tst.html:11:9:11:64 | <a>...</> | href | javascript:void(alert('Nope!')) |

javascript/ql/test/library-tests/HTML/HTMLElementAndHTMLAttribute/HTMLAttribute.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from HTML::Attribute a
+select a, a.getElement(), a.getName(), a.getValue()

javascript/ql/test/library-tests/HTML/HTMLElementAndHTMLAttribute/HTMLElement_getAttribute.expected

@@ -0,0 +1,3 @@
+| tst.html:5:9:5:43 | <script>...</> | 0 | tst.html:5:17:5:33 | src=external.js |
+| tst.html:10:5:12:11 | <body>...</> | 0 | tst.html:10:11:10:16 | ng-app= |
+| tst.html:11:9:11:64 | <a>...</> | 0 | tst.html:11:12:11:49 | href=javascript:void(alert('Nope!')) |

javascript/ql/test/library-tests/HTML/HTMLElementAndHTMLAttribute/HTMLElement_getAttribute.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from HTML::Element elt, int i
+select elt, i, elt.getAttribute(i)

javascript/ql/test/library-tests/HTML/HTMLElementAndHTMLAttribute/HTMLElement_getChild.expected

@@ -0,0 +1,6 @@
+| tst.html:2:1:13:7 | <html>...</> | 0 | tst.html:3:5:9:11 | <head>...</> |
+| tst.html:2:1:13:7 | <html>...</> | 1 | tst.html:10:5:12:11 | <body>...</> |
+| tst.html:3:5:9:11 | <head>...</> | 0 | tst.html:4:9:4:32 | <title>...</> |
+| tst.html:3:5:9:11 | <head>...</> | 1 | tst.html:5:9:5:43 | <script>...</> |
+| tst.html:3:5:9:11 | <head>...</> | 2 | tst.html:6:9:8:17 | <script>...</> |
+| tst.html:10:5:12:11 | <body>...</> | 0 | tst.html:11:9:11:64 | <a>...</> |

javascript/ql/test/library-tests/HTML/HTMLElementAndHTMLAttribute/HTMLElement_getChild.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from HTML::Element elt, int i
+select elt, i, elt.getChild(i)

javascript/ql/test/library-tests/HTML/HTMLElementAndHTMLAttribute/HTMLElement_getName.expected

@@ -0,0 +1,7 @@
+| tst.html:2:1:13:7 | <html>...</> | html |
+| tst.html:3:5:9:11 | <head>...</> | head |
+| tst.html:4:9:4:32 | <title>...</> | title |
+| tst.html:5:9:5:43 | <script>...</> | script |
+| tst.html:6:9:8:17 | <script>...</> | script |
+| tst.html:10:5:12:11 | <body>...</> | body |
+| tst.html:11:9:11:64 | <a>...</> | a |

javascript/ql/test/library-tests/HTML/HTMLElementAndHTMLAttribute/HTMLElement_getName.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from HTML::Element elt
+select elt, elt.getName()

javascript/ql/test/library-tests/HTML/HTMLElementAndHTMLAttribute/HTMLElement_getParent.expected

@@ -0,0 +1,6 @@
+| tst.html:3:5:9:11 | <head>...</> | tst.html:2:1:13:7 | <html>...</> |
+| tst.html:4:9:4:32 | <title>...</> | tst.html:3:5:9:11 | <head>...</> |
+| tst.html:5:9:5:43 | <script>...</> | tst.html:3:5:9:11 | <head>...</> |
+| tst.html:6:9:8:17 | <script>...</> | tst.html:3:5:9:11 | <head>...</> |
+| tst.html:10:5:12:11 | <body>...</> | tst.html:2:1:13:7 | <html>...</> |
+| tst.html:11:9:11:64 | <a>...</> | tst.html:10:5:12:11 | <body>...</> |

javascript/ql/test/library-tests/HTML/HTMLElementAndHTMLAttribute/HTMLElement_getParent.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from HTML::Element elt
+select elt, elt.getParent()

javascript/ql/test/library-tests/HTML/HTMLElementAndHTMLAttribute/tst.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>Test page</title>
+        <script src="external.js"></script>
+        <script>
+            alert("Hello, world!");
+        </script>
+    </head>
+    <body ng-app>
+        <A href="javascript:void(alert('Nope!'))">click here</a>
+    </body>
+</html>

javascript/ql/test/library-tests/HTML/HtmlComments/HtmlComment.expected

@@ -0,0 +1,2 @@
+| tst.html:4:5:4:22 | <!-- a comment --> |  a comment  | tst.html:3:3:5:9 | <body>...</> |
+| tst.html:7:1:8:11 | <!-- another\ncomment --> |  another\ncomment  | tst.html:1:1:8:12 | <html>...</> |

javascript/ql/test/library-tests/HTML/HtmlComments/HtmlComment.ql

@@ -0,0 +1,4 @@
+import javascript
+
+from HTML::CommentNode c
+select c, c.getText(), c.getParent()

javascript/ql/test/library-tests/HTML/HtmlComments/tst.html

@@ -0,0 +1,8 @@
+<html>
+  <head><title>Title</title></head>
+  <body>
+    <!-- a comment -->
+  </body>
+</body>
+<!-- another
+comment -->

javascript/ql/test/library-tests/HTML/HtmlText/HtmlText.expected

@@ -0,0 +1,7 @@
+| HtmlText.html:3:9:5:2 | \n  (1) as child #0\n   | HtmlText.html:3:3:17:9 | <body>...</> | 0 |  |
+| HtmlText.html:5:8:7:2 | \n    (2) as child #0\n   | HtmlText.html:5:3:7:8 | <div>...</> | 0 |  |
+| HtmlText.html:7:9:9:2 | \n  (3) as child #2\n   | HtmlText.html:3:3:17:9 | <body>...</> | 2 |  |
+| HtmlText.html:9:8:11:2 | \n    (4) entity ampersand: &\n   | HtmlText.html:9:3:11:8 | <div>...</> | 0 |  |
+| HtmlText.html:12:8:14:2 | \n    (5) numeric entity ampersand: &\n   | HtmlText.html:12:3:14:8 | <div>...</> | 0 |  |
+| HtmlText.html:15:12:15:25 | (6) cdata text | HtmlText.html:3:3:17:9 | <body>...</> | 7 | (cdata) |
+| HtmlText.html:16:12:16:33 | (7) cdata ampersand: & | HtmlText.html:3:3:17:9 | <body>...</> | 9 | (cdata) |

javascript/ql/test/library-tests/HTML/HtmlText/HtmlText.html

@@ -0,0 +1,18 @@
+//  semmle-extractor-options: --html all
+<html>
+  <body>
+  (1) as child #0
+  <div>
+    (2) as child #0
+  </div>
+  (3) as child #2
+  <div>
+    (4) entity ampersand: &amp;
+  </div>
+  <div>
+    (5) numeric entity ampersand: &#38;
+  </div>
+  <![CDATA[(6) cdata text]]>
+  <![CDATA[(7) cdata ampersand: &]]>
+  </body>
+</html>

javascript/ql/test/library-tests/HTML/HtmlText/HtmlText.ql

@@ -0,0 +1,5 @@
+import javascript
+
+from HTML::TextNode t, string cdata
+where t.toString().trim().length() > 0 and if t.isCData() then cdata = "(cdata)" else cdata = ""
+select t, t.getParent(), t.getIndex(), cdata