mirror of
https://github.com/github/codeql.git
synced 2025-12-18 09:43:15 +01:00
23 lines
1.0 KiB
JavaScript
23 lines
1.0 KiB
JavaScript
let obj = {};
|
|
|
|
window.addEventListener('message', (ev) => { // $ Source
|
|
let message = JSON.parse(ev.data);
|
|
window[message.name](message.payload); // $ Alert - may invoke eval
|
|
new window[message.name](message.payload); // $ Alert - may invoke jQuery $ function or similar
|
|
window["HTMLElement" + message.name](message.payload); // OK - concatenation restricts choice of methods
|
|
window[`HTMLElement${message.name}`](message.payload); // OK - concatenation restricts choice of methods
|
|
|
|
function f() {}
|
|
f[message.name](message.payload)(); // $ Alert - may acccess Function constructor
|
|
|
|
obj[message.name](message.payload); // OK - may crash, but no code execution involved
|
|
|
|
window[ev](ev); // $ Alert
|
|
|
|
window[configData() + ' ' + message.name](message.payload); // OK - concatenation restricts choice of methods
|
|
|
|
window[configData() + message.name](message.payload); // OK - concatenation restricts choice of methods
|
|
|
|
window['' + message.name](message.payload); // $ Alert - coercion does not restrict choice of methods
|
|
});
|