hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.20.5
codeql/javascript/ql/test/query-tests/Security/CWE-730/client-side.js
Asger Feldthaus aa1c8c041e JS: Exclude client-side sources from RegExpInjection
2021-03-16 13:28:11 +00:00

5 lines
177 B
JavaScript
Raw Permalink Blame History

function foo() {
let taint = window.location.hash.substring(1);
new RegExp(taint); // OK - we do not flag RegExp injection on the client side as the impact is too low
}
Reference in New Issue View Git Blame Copy Permalink