hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.8.2
codeql/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/stored-xss.js
Asger Feldthaus 4137d3f971 JS: Split CWE-079 tests into their own folders
2020-10-16 17:32:36 +01:00

31 lines
982 B
JavaScript
Raw Permalink Blame History

(function() {
sessionStorage.setItem('session', document.location.search);
localStorage.setItem('local', document.location.search);
$('myId').html(sessionStorage.getItem('session')); // NOT OK
$('myId').html(localStorage.getItem('session')); // OK
$('myId').html(sessionStorage.getItem('local')); // OK
$('myId').html(localStorage.getItem('local')); // NOT OK
var href = localStorage.getItem('local');
$('myId').html("<a href=\"" + href + ">foobar</a>"); // NOT OK
if (href.indexOf("\"") !== -1) {
return;
}
$('myId').html("<a href=\"" + href + "/>"); // OK
var href2 = localStorage.getItem('local');
if (href2.indexOf("\"") !== -1) {
return;
}
$('myId').html("\n<a href=\"" + href2 + ">foobar</a>"); // OK
var href3 = localStorage.getItem('local');
if (href3.indexOf("\"") !== -1) {
return;
}
$('myId').html('\r\n<a href="/' + href3 + '">' + "something" + '</a>'); // OK
});
Reference in New Issue View Git Blame Copy Permalink