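/**
 * Test fixture: HTML-escapes `s` in a deliberately WRONG order.
 *
 * The quote characters are replaced first and `&` last, so the `&` introduced
 * by the first two steps is escaped a second time (`"` -> `&quot;` ->
 * `&amp;quot;`). The ordering is the point of the fixture and is kept as is;
 * `goodEncode` in this file shows the safe ordering (`&` first).
 *
 * NOTE(review): the rendered page had decoded the entity strings; they are
 * restored here, and `&apos;` for the apostrophe is assumed. Confirm against
 * the upstream file.
 *
 * @param {string} s - text to escape.
 * @returns {string} the (double-)escaped text.
 */
function badEncode(s) {
  return s.replace(/"/g, "&quot;")
          .replace(/'/g, "&apos;")
          .replace(/&/g, "&amp;"); // runs last, so it re-escapes the entities produced above
}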
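/**
 * Test fixture: HTML-escapes `&`, `"` and `'` in the safe order.
 *
 * `&` is escaped first, so the ampersands written by the later quote
 * replacements are never touched again and no character is escaped twice.
 *
 * NOTE(review): the rendered page had decoded the entity strings; they are
 * restored here, and `&apos;` for the apostrophe is assumed. Confirm against
 * the upstream file.
 *
 * @param {string} s - text to escape.
 * @returns {string} the escaped text.
 */
function goodEncode(s) {
  return s.replace(/&/g, "&amp;") // meta-character first
          .replace(/"/g, "&quot;")
          .replace(/'/g, "&apos;");
}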
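/**
 * Test fixture: reverses the HTML escaping of `"`, `'` and `&` in the safe order.
 *
 * `&amp;` is decoded last. Text that was escaped once therefore comes back
 * exactly once: `&amp;quot;` yields the literal text `&quot;`, not a quote
 * character.
 *
 * NOTE(review): the rendered page had decoded the entity patterns; they are
 * restored here, and `&apos;` for the apostrophe is assumed. Confirm against
 * the upstream file.
 *
 * @param {string} s - escaped text.
 * @returns {string} the unescaped text.
 */
function goodDecode(s) {
  return s.replace(/&quot;/g, "\"")
          .replace(/&apos;/g, "'")
          .replace(/&amp;/g, "&"); // meta-character last
}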
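/**
 * Test fixture: reverses HTML escaping in a deliberately WRONG order.
 *
 * `&amp;` is decoded first, so the `&` it produces can combine with the
 * following text and be decoded again: `&amp;quot;` -> `&quot;` -> `"`. Text
 * that was meant to stay literal turns into a live quote character. The
 * ordering is the point of the fixture and is kept as is.
 *
 * NOTE(review): the rendered page had decoded the entity patterns; they are
 * restored here, and `&apos;` for the apostrophe is assumed. Confirm against
 * the upstream file.
 *
 * @param {string} s - escaped text.
 * @returns {string} the (double-)unescaped text.
 */
function badDecode(s) {
  return s.replace(/&amp;/g, "&") // runs first, so its output feeds the steps below
          .replace(/&quot;/g, "\"")
          .replace(/&apos;/g, "'");
}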
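/**
 * Test fixture: escapes `<`, `>` and `&`, with `&` handled last.
 *
 * The negative lookahead on the final step skips any `&` that already starts
 * something shaped like an entity, so the `&lt;` / `&gt;` written by the first
 * two steps are not escaped again.
 *
 * Caveat for anyone reusing the pattern: the same lookahead also leaves
 * entity-shaped text in the INPUT untouched (`&lt;` stays `&lt;`), so the
 * result is not a faithful encoding of arbitrary text. Quote characters are
 * not escaped at all.
 *
 * NOTE(review): the rendered page had decoded the replacement strings; they
 * are restored here. Confirm against the upstream file.
 *
 * @param {string} code - text to escape.
 * @returns {string} the escaped text.
 */
function cleverEncode(code) {
  return code.replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/&(?![\w\#]+;)/g, '&amp;');
}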
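/**
 * Test fixture: double-unescaping with an unrelated replacement in between.
 *
 * `&amp;` is decoded first and `&apos;` last, so `&amp;apos;` ends up as `'`.
 * The middle step rewrites unrelated words and does not separate the two
 * decoding steps in any meaningful way. The ordering is the point of the
 * fixture and is kept as is.
 *
 * NOTE(review): the rendered page had decoded the entity patterns; they are
 * restored here, and `&apos;` for the apostrophe is assumed. Confirm against
 * the upstream file.
 *
 * @param {string} s - escaped text.
 * @returns {string} the rewritten text.
 */
function badDecode2(s) {
  return s.replace(/&amp;/g, "&") // runs first, so its output feeds the last step
          .replace(/s?ome|thin*g/g, "else")
          .replace(/&apos;/g, "'");
}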
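/**
 * Test fixture: safely ordered unescaping applied to each element of `ss`.
 *
 * Inside the loop `&amp;` is decoded last, so each string is unescaped exactly
 * once. The loop variable is reassigned on every iteration; the chain always
 * starts from a fresh element, never from an earlier iteration's result.
 *
 * NOTE(review): the rendered page had decoded the entity patterns; they are
 * restored here, and `&apos;` for the apostrophe is assumed. Confirm against
 * the upstream file.
 *
 * @param {Iterable<string>} ss - escaped strings.
 * @returns {string[]} the unescaped strings, in input order.
 */
function goodDecodeInLoop(ss) {
  var res = [];
  for (var s of ss) {
    s = s.replace(/&quot;/g, "\"")
         .replace(/&apos;/g, "'")
         .replace(/&amp;/g, "&"); // meta-character last
    res.push(s);
  }
  return res;
}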
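/**
 * Test fixture: double-unescaping spread over separate statements.
 *
 * Same flaw as a single chained call: `&amp;` is decoded first, and the
 * reassigned `s` then flows into the quote decoding, so `&amp;quot;` becomes
 * `"`. The statement-by-statement form is the point of the fixture and is
 * kept as is.
 *
 * NOTE(review): the rendered page had decoded the entity patterns; they are
 * restored here, and `&apos;` for the apostrophe is assumed. Confirm against
 * the upstream file.
 *
 * @param {string} s - escaped text.
 * @returns {string} the (double-)unescaped text.
 */
function badDecode3(s) {
  s = s.replace(/&amp;/g, "&"); // runs first, so its output feeds the steps below
  s = s.replace(/&quot;/g, "\"");
  return s.replace(/&apos;/g, "'");
}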
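/**
 * Test fixture: removes backslash escapes in a deliberately WRONG order.
 *
 * The escaped backslash is collapsed first, so the single backslash it leaves
 * behind can pair with a following quote and be consumed by a later step: the
 * three characters backslash, backslash, quote come out as a bare quote
 * instead of backslash followed by quote. The ordering is the point of the
 * fixture and is kept as is.
 *
 * @param {string} s - backslash-escaped text.
 * @returns {string} the (double-)unescaped text.
 */
function badUnescape(s) {
  return s.replace(/\\\\/g, '\\') // runs first, so its output feeds the steps below
           .replace(/\\'/g, '\'')
           .replace(/\\"/g, '\"');
}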
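/**
 * Test fixture: percent-escapes `&` and `%` in a deliberately WRONG order.
 *
 * `%` is the escape character here, yet it is escaped last, so the `%` written
 * by the first step is escaped again: `&` -> `%26` -> `%2526`. The ordering is
 * the point of the fixture and is kept as is.
 *
 * @param {string} s - text to escape.
 * @returns {string} the (double-)escaped text.
 */
function badPercentEscape(s) {
  s = s.replace(/&/g, '%26');
  s = s.replace(/%/g, '%25'); // runs last, so it re-escapes the `%26` produced above
  return s;
}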
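/**
 * Test fixture: the wrongly ordered HTML escaping, with each pattern held in a
 * local variable instead of written inline.
 *
 * `&` is still escaped last, so `"` ends up as `&amp;quot;`. The indirection
 * through `indirect1`..`indirect3` and the ordering are the point of the
 * fixture and are kept as is.
 *
 * This declaration reuses the name `badEncode` from an earlier fixture in the
 * file.
 *
 * NOTE(review): the rendered page had decoded the entity strings; they are
 * restored here, and `&apos;` for the apostrophe is assumed. Confirm against
 * the upstream file.
 *
 * @param {string} s - text to escape.
 * @returns {string} the (double-)escaped text.
 */
function badEncode(s) {
  var indirect1 = /"/g;
  var indirect2 = /'/g;
  var indirect3 = /&/g;
  return s.replace(indirect1, "&quot;")
          .replace(indirect2, "&apos;")
          .replace(indirect3, "&amp;"); // runs last, so it re-escapes the entities produced above
}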
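/**
 * Test fixture: the wrongly ordered HTML escaping, with the quote step done
 * through a replacer callback and a lookup table.
 *
 * The first call maps `"` and `'` to entities via `repl`; the second call then
 * escapes every `&`, including the ones just written, so `"` ends up as
 * `&amp;quot;`. The `"&"` entry of `repl` is never looked up, because the
 * first pattern matches quote characters only. The ordering is the point of
 * the fixture and is kept as is.
 *
 * NOTE(review): the rendered page had decoded the entity strings; they are
 * restored here, and `&apos;` for the apostrophe is assumed. Confirm against
 * the upstream file.
 *
 * @param {string} s - text to escape.
 * @returns {string} the (double-)escaped text.
 */
function badEncodeWithReplacer(s) {
  var repl = {
    '"': "&quot;",
    "'": "&apos;",
    "&": "&amp;"
  };
  return s.replace(/["']/g, (c) => repl[c]).replace(/&/g, "&amp;");
}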
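// dubious, but out of scope for this query
/**
 * Test fixture: collapses each escaped backslash to one backslash, then
 * doubles every backslash.
 *
 * The result is not a faithful round trip: an input holding one backslash and
 * an input holding two both come out with two, so the original form cannot be
 * recovered from the output.
 *
 * @param {string} s - text to process.
 * @returns {string} the text with every backslash doubled after collapsing.
 */
function badRoundtrip(s) {
  return s.replace(/\\\\/g, "\\").replace(/\\/g, "\\\\");
}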
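/**
 * Test fixture: escapes backslashes in a variable that is written from inside
 * a nested function.
 *
 * `captured` is assigned in the outer function and reassigned by the
 * immediately invoked inner function, which doubles every backslash. The
 * result is discarded; the function returns nothing.
 *
 * NOTE(review): presumably this exercises how the analysis treats a variable
 * captured by a closure. Confirm against the query's expected output.
 *
 * @param {string} x - text whose backslashes are doubled.
 * @returns {undefined}
 */
function testWithCapturedVar(x) {
  var captured = x;
  (function() {
    captured = captured.replace(/\\/g, "\\\\");
  })();
}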
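/**
 * Test fixture: encodes `s`, decodes the result, then encodes it again, using
 * the `goodEncode` and `goodDecode` helpers defined in this file.
 *
 * NOTE(review): presumably this checks that pairing an encoder with its
 * matching decoder is not reported as double escaping. Confirm against the
 * query's expected output.
 *
 * @param {string} s - text to process.
 * @returns {string} the value returned by the outer `goodEncode` call.
 */
function encodeDecodeEncode(s) {
  return goodEncode(goodDecode(goodEncode(s)));
}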