hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
adityasharad/1.24.0/cpp-large-variable-10k
codeql/javascript/ql/test/query-tests/Security/CWE-020/IncompleteUrlSchemeCheck.js
Asger Feldthaus 2c6beadf68 JS: Recognize more forms of scheme checks
2020-04-06 12:30:03 +01:00

48 lines
1.1 KiB
JavaScript
Raw Permalink Blame History

import * as dummy from 'dummy';
function sanitizeUrl(url) {
let u = decodeURI(url).trim().toLowerCase();
if (u.startsWith("javascript:")) // NOT OK
return "about:blank";
return url;
}
let badProtocols = ['javascript:', 'data:'];
let badProtocolNoColon = ['javascript', 'data'];
let badProtocolsGood = ['javascript:', 'data:', 'vbscript:'];
function test2(url) {
let protocol = new URL(url).protocol;
if (badProtocols.includes(protocol)) // NOT OK
return "about:blank";
return url;
}
function test3(url) {
let scheme = goog.uri.utils.getScheme(url);
if (badProtocolNoColon.includes(scheme)) // NOT OK
return "about:blank";
return url;
}
function test4(url) {
let scheme = url.split(':')[0];
if (badProtocolNoColon.includes(scheme)) // NOT OK
return "about:blank";
return url;
}
function test5(url) {
let scheme = url.split(':')[0];
if (scheme === "javascript") // NOT OK
return "about:blank";
return url;
}
function test6(url) {
let protocol = new URL(url).protocol;
if (badProtocolsGood.includes(protocol)) // OK
return "about:blank";
return url;
}
Reference in New Issue View Git Blame Copy Permalink