hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/csharp/ql/test/query-tests/Security Features/CWE-838/HtmlEncode.cs
Pavel Avgustinov b55526aa58 QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00

21 lines
860 B
C#
Raw Permalink Blame History

// semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs ${testdir}/../../../resources/stubs/System.Windows.cs /r:System.Collections.Specialized.dll ${testdir}/../../../resources/stubs/System.Net.cs /r:System.ComponentModel.Primitives.dll /r:System.ComponentModel.TypeConverter.dll ${testdir}/../../../resources/stubs/System.Data.cs /r:System.Data.Common.dll
using System;
using System.Web;
using System.Net;
public class HtmlEncode
{
public static void Bad(HttpContext ctx)
{
var user = WebUtility.UrlDecode(ctx.Request.QueryString["user"]);
ctx.Response.Write("Hello, " + WebUtility.UrlEncode(user));
}
public static void Good(HttpContext ctx)
{
var user = WebUtility.UrlDecode(ctx.Request.QueryString["user"]);
ctx.Response.Write("Hello, " + WebUtility.HtmlEncode(user));
}
}
Reference in New Issue View Git Blame Copy Permalink