hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.7.3
codeql/javascript/ql/test/query-tests/AngularJS/InsecureUrlWhitelist/tst.js
Pavel Avgustinov b55526aa58 QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00

25 lines
1.3 KiB
JavaScript
Raw Permalink Blame History

angular.module('myApp', [])
.config(function($sceDelegateProvider) {
$sceDelegateProvider.resourceUrlWhitelist([
"**://example.com/*", // BAD (exploit: http://evil.com/?ignore=://example.org/a or javascript:alert(1);://example.org/a)
"*://example.org/*", // BAD (exploit: javascript://example.org/a%0A%0Dalert(1) using a linebreak to end the comment starting with "//"!)
"https://**.example.com/*", // BAD (exploit: https://evil.com/?ignore=://example.com/a)
"https://example.**", // BAD (exploit: https://example.evil.com or http://example.:foo@evil.com)
"https://example.*", // BAD (exploit: https://example.UnexpectedTLD)
"https://example.com", // OK
"https://example.com/**", // OK
"https://example.com/*", // OK
"https://example.com/foo/*", // OK
"https://example.com/foo/**", // OK
"https://example.com/foo/*/bar", // OK
"https://example.com/foo/**/bar", // OK
"https://example.com/?**", // OK
"https://example.com/?**://example.com", // OK
"https://*.example.com",
// not flagged:
/http:\/\/www.example.org/g // BAD (exploit http://wwwaexample.org (dots are not escaped))
]);
});
Reference in New Issue View Git Blame Copy Permalink