mirror of
https://github.com/github/codeql.git
synced 2025-12-18 01:33:15 +01:00
46 lines
2.1 KiB
HTML
46 lines
2.1 KiB
HTML
<html>
|
|
<head>
|
|
<script type="text/javascript">
|
|
(function() {
|
|
// OK - we accept this, as a http document location is vulnerable anyway
|
|
var scrpt = document.createElement('script');
|
|
scrpt.type = 'text/javascript';
|
|
scrpt.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.cdn.local/ga.js';
|
|
|
|
// OK - integrity digest present
|
|
var scrpt2 = document.createElement('script');
|
|
scrpt2.type = 'text/javascript';
|
|
scrpt2.src = 'http://www.cdn.local/ga.js';
|
|
scrpt2.integrity = 'sha256-h0UuK3mE9taiYlB5u9vT9A0s/XDgkfVd+F4VhN/sky=';
|
|
|
|
var scrpt3 = document.createElement('script');
|
|
scrpt3.type = 'text/javascript';
|
|
scrpt3.src = ('https:' == document.location.protocol ? 'http://unsafe' : 'http://also-unsafe') + '.cdn.local/ga.js'; // $ Alert[js/functionality-from-untrusted-source] - http + ternary
|
|
|
|
var ifrm = document.createElement('iframe');
|
|
ifrm.src = 'http://www.example.com/'; // $ Alert[js/functionality-from-untrusted-source] - http URL
|
|
|
|
// OK - https URL
|
|
var ifrm2 = document.createElement('iframe');
|
|
ifrm2.src = 'https://www.example.com/';
|
|
|
|
function getUrl(version) {
|
|
return 'http://www.cdn.local/'+version+'/ga.js';
|
|
}
|
|
var ifrm3 = document.createElement('iframe');
|
|
ifrm3.src = getUrl('v123'); // $ Alert[js/functionality-from-untrusted-source] - http URL tracked through calls
|
|
|
|
var ifrm4 = document.createElement('iframe');
|
|
ifrm4.setAttribute('src', 'http://www.example.local/page.html'); // $ Alert[js/functionality-from-untrusted-source] - assignment of bad URL using setAttribute
|
|
|
|
// OK - bad URL, but the attribute is not `src`
|
|
var ifrm5 = document.createElement('iframe');
|
|
ifrm5.setAttribute('data-src', 'http://www.example.local/page.html');
|
|
})();
|
|
</script>
|
|
</head>
|
|
<body>
|
|
hello
|
|
</body>
|
|
</html>
|