hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
yo-h/java15
codeql/python/ql/test/query-tests/Security/CWE-079/reflected_xss.py
Taus Brock-Nannestad af7626a6b3 Python: Fixup CWE-079 tests
2020-11-02 11:46:02 +01:00

16 lines
377 B
Python
Raw Permalink Blame History

from flask import Flask, request, make_response, escape
app = Flask(__name__)
@app.route("/unsafe")
def unsafe():
first_name = request.args.get("name", "")
return make_response("Your name is " + first_name) # NOT OK
@app.route("/safe")
def safe():
first_name = request.args.get("name", "")
return make_response("Your name is " + escape(first_name)) # OK
Reference in New Issue View Git Blame Copy Permalink