codeql/javascript/ql/test/query-tests/Security/CWE-611/domparser.js

/**
 * XXE test fixture (CWE-611): feeds the attacker-controlled URL query string
 * into three XML parsers. The `OK` / `NOT OK` comments mark where the
 * XXE query is, and is not, expected to report an alert.
 *
 * Runs only in a browser (reads `document` / `window`); has no return value.
 */
function test() {
  // Source: the query string of the current page is attacker-controlled.
  var tainted = document.location.search;

  if (!window.DOMParser) {
    // Legacy IE path: both ActiveX parsers resolve external entities unless
    // `resolveExternals` is switched off before `loadXML` is called.
    try {
      // NOT OK: XMLDOM expands external entities by default
      new ActiveXObject("Microsoft.XMLDOM").loadXML(tainted);
    } catch (e) {
      // NOT OK: MSXML expands external entities by default
      new ActiveXObject("Msxml2.DOMDocument").loadXML(tainted);
    }
    return;
  }

  // OK: DOMParser only expands internal general entities
  new DOMParser().parseFromString(tainted, 'text/xml');
}