hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.7.5
codeql/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected
Erik Krogh Kristensen 3640bbd466 add test for IncompleteHtmlAttributeSanitization
2021-03-16 13:25:27 +01:00

76 lines
7.7 KiB
Plaintext
Raw Permalink Blame History

nodes
| tst.js:243:9:243:31 | s().rep ... ]/g,'') |
| tst.js:243:9:243:31 | s().rep ... ]/g,'') |
| tst.js:243:9:243:31 | s().rep ... ]/g,'') |
| tst.js:244:9:244:33 | s().rep ... /g, '') |
| tst.js:244:9:244:33 | s().rep ... /g, '') |
| tst.js:244:9:244:33 | s().rep ... /g, '') |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') |
| tst.js:253:21:253:45 | s().rep ... /g, '') |
| tst.js:253:21:253:45 | s().rep ... /g, '') |
| tst.js:253:21:253:45 | s().rep ... /g, '') |
| tst.js:254:32:254:56 | s().rep ... /g, '') |
| tst.js:254:32:254:56 | s().rep ... /g, '') |
| tst.js:254:32:254:56 | s().rep ... /g, '') |
| tst.js:270:61:270:85 | s().rep ... /g, '') |
| tst.js:270:61:270:85 | s().rep ... /g, '') |
| tst.js:270:61:270:85 | s().rep ... /g, '') |
| tst.js:274:6:274:94 | arr |
| tst.js:274:12:274:94 | s().val ... g , '') |
| tst.js:274:12:274:94 | s().val ... g , '') |
| tst.js:275:9:275:11 | arr |
| tst.js:275:9:275:21 | arr.join(" ") |
| tst.js:275:9:275:21 | arr.join(" ") |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') |
| tst.js:303:10:303:34 | s().rep ... /g, '') |
| tst.js:303:10:303:34 | s().rep ... /g, '') |
| tst.js:303:10:303:34 | s().rep ... /g, '') |
| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) |
| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) |
| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) |
edges
| tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') |
| tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') | tst.js:249:9:249:33 | s().rep ... ]/g,'') |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') | tst.js:250:9:250:33 | s().rep ... ]/g,'') |
| tst.js:253:21:253:45 | s().rep ... /g, '') | tst.js:253:21:253:45 | s().rep ... /g, '') |
| tst.js:254:32:254:56 | s().rep ... /g, '') | tst.js:254:32:254:56 | s().rep ... /g, '') |
| tst.js:270:61:270:85 | s().rep ... /g, '') | tst.js:270:61:270:85 | s().rep ... /g, '') |
| tst.js:274:6:274:94 | arr | tst.js:275:9:275:11 | arr |
| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr |
| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr |
| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") |
| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') | tst.js:300:10:300:33 | s().rep ... ]/g,'') |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') | tst.js:301:10:301:32 | s().rep ... ]/g,'') |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') | tst.js:302:10:302:34 | s().rep ... ]/g,'') |
| tst.js:303:10:303:34 | s().rep ... /g, '') | tst.js:303:10:303:34 | s().rep ... /g, '') |
| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) |
#select
| tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:243:9:243:31 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:244:9:244:33 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:249:9:249:33 | s().rep ... ]/g,'') | tst.js:249:9:249:33 | s().rep ... ]/g,'') | tst.js:249:9:249:33 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:249:9:249:33 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:250:9:250:33 | s().rep ... ]/g,'') | tst.js:250:9:250:33 | s().rep ... ]/g,'') | tst.js:250:9:250:33 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain single quotes when it reaches this attribute definition. | tst.js:250:9:250:33 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:253:21:253:45 | s().rep ... /g, '') | tst.js:253:21:253:45 | s().rep ... /g, '') | tst.js:253:21:253:45 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain ampersands or double quotes when it reaches this attribute definition. | tst.js:253:21:253:45 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:254:32:254:56 | s().rep ... /g, '') | tst.js:254:32:254:56 | s().rep ... /g, '') | tst.js:254:32:254:56 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain ampersands or double quotes when it reaches this attribute definition. | tst.js:254:32:254:56 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:270:61:270:85 | s().rep ... /g, '') | tst.js:270:61:270:85 | s().rep ... /g, '') | tst.js:270:61:270:85 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain ampersands or double quotes when it reaches this attribute definition. | tst.js:270:61:270:85 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:275:9:275:21 | arr.join(" ") | tst.js:274:12:274:94 | s().val ... g , '') | tst.js:275:9:275:21 | arr.join(" ") | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:274:12:274:94 | s().val ... g , '') | this final HTML sanitizer step |
| tst.js:300:10:300:33 | s().rep ... ]/g,'') | tst.js:300:10:300:33 | s().rep ... ]/g,'') | tst.js:300:10:300:33 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain single quotes when it reaches this attribute definition. | tst.js:300:10:300:33 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:301:10:301:32 | s().rep ... ]/g,'') | tst.js:301:10:301:32 | s().rep ... ]/g,'') | tst.js:301:10:301:32 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain single quotes when it reaches this attribute definition. | tst.js:301:10:301:32 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:302:10:302:34 | s().rep ... ]/g,'') | tst.js:302:10:302:34 | s().rep ... ]/g,'') | tst.js:302:10:302:34 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain single quotes when it reaches this attribute definition. | tst.js:302:10:302:34 | s().rep ... ]/g,'') | this final HTML sanitizer step |
| tst.js:303:10:303:34 | s().rep ... /g, '') | tst.js:303:10:303:34 | s().rep ... /g, '') | tst.js:303:10:303:34 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain single quotes when it reaches this attribute definition. | tst.js:303:10:303:34 | s().rep ... /g, '') | this final HTML sanitizer step |
| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | Cross-site scripting vulnerability as the output of $@ may contain single quotes when it reaches this attribute definition. | tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | this final HTML sanitizer step |
Reference in New Issue View Git Blame Copy Permalink