Merge pull request #12802 from erik-krogh/history-xss

JS: add browser history as XSS sink
2026-04-30 19:26:02 +02:00 · 2023-04-14 13:35:19 +02:00
parent 9169ddb9c1 b1957623c1
commit cece307c60
4 changed files with 22 additions and 0 deletions
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
@@ -222,6 +222,8 @@ module ClientSideUrlRedirect {
    HistoryWriteUrlSink() {
      this = History::getBrowserHistory().getMember(["push", "replace"]).getACall().getArgument(0)
    }
+
+    override predicate isXssSink() { any() }
  }

  /**