hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
sauyon/java-spring-stringutils
codeql/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/tst3.js
Asger Feldthaus 4137d3f971 JS: Split CWE-079 tests into their own folders
2020-10-16 17:32:36 +01:00

16 lines
563 B
JavaScript
Raw Permalink Blame History

var foo = document.getElementById("foo");
var data = JSON.parse(decodeURIComponent(window.location.search.substr(1)));
foo.setAttribute("src", data.src); // NOT OK
foo.setAttribute("HREF", data.p); // NOT OK
foo.setAttribute("width", data.w); // OK
foo.setAttribute("xlink:href", data.p) // NOT OK
foo.setAttributeNS('xlink', 'href', data.p); // NOT OK
foo.setAttributeNS('foobar', 'href', data.p); // NOT OK
foo.setAttributeNS('baz', 'width', data.w); // OK
for (var p in data)
foo.setAttribute(p, data[p]); // not flagged since attribute name is unknown
Reference in New Issue View Git Blame Copy Permalink