hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Improve XSS sanitizer detection.

Browse Source 
We now use local data flow to detect more regexp-based sanitizers.
This commit is contained in:
Max Schaefer
2019-09-23 16:53:08 +01:00
parent 22e57a6559
commit d4fca84898
3 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
javascript/ql/test/query-tests/Security/CWE-079/sanitiser.js
View File

@@ -1,8 +1,9 @@
function escapeHtml(s) {
var amp = /&/g, lt = /</g, gt = />/g;
return s.toString()
.replace(/&/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;');
.replace(amp, '&amp;')
.replace(lt, '&lt;')
.replace(gt, '&gt;');
}
function escapeAttr(s) {