hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jwt-server.js
Erik Krogh Kristensen e75259d3a6 model the verify function in jsonwebtoken
2020-11-10 10:41:39 +01:00

14 lines
359 B
JavaScript
Raw Permalink Blame History

var express = require('express');
var app = express();
import jwt from "jsonwebtoken";
import { JSDOM } from "jsdom";
app.get('/some/path', function (req, res) {
var taint = req.param("wobble");
jwt.verify(taint, 'my-secret-key', function (err, decoded) {
// NOT OK
new JSDOM(decoded.foo, { runScripts: "dangerously" });
});
});
Reference in New Issue View Git Blame Copy Permalink