hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

allow mailto links in js/unsafe-external-link

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-08-31 16:01:28 +02:00
parent 4e963a8a8e
commit f7edf28d0d
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
javascript/ql/src/DOM/TargetBlank.ql
View File

@@ -31,7 +31,9 @@ predicate hasDynamicHrefHostAttributeValue(DOM::ElementDefinition elem) {
// fixed string with templating
url.regexpMatch(Templating::getDelimiterMatchingRegexp()) and
// ... that does not start with a fixed host or a relative path (common formats)
not url.regexpMatch("(?i)((https?:)?//)?[-a-z0-9.]*/.*")
not url.regexpMatch("(?i)((https?:)?//)?[-a-z0-9.]*/.*") and
// ... that is not a mailto: link
not url.regexpMatch("mailto:.*")
)
)
}