hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
z80coder/ATM-feature-optimisation
codeql/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected
Erik Krogh Kristensen 81742528a2 add test
2021-08-27 10:04:39 +02:00

231 lines
20 KiB
Plaintext
Raw Permalink Blame History

nodes
| forms.js:8:23:8:28 | values |
| forms.js:8:23:8:28 | values |
| forms.js:9:31:9:36 | values |
| forms.js:9:31:9:40 | values.foo |
| forms.js:9:31:9:40 | values.foo |
| forms.js:11:24:11:29 | values |
| forms.js:11:24:11:29 | values |
| forms.js:12:31:12:36 | values |
| forms.js:12:31:12:40 | values.bar |
| forms.js:12:31:12:40 | values.bar |
| forms.js:24:15:24:20 | values |
| forms.js:24:15:24:20 | values |
| forms.js:25:23:25:28 | values |
| forms.js:25:23:25:34 | values.email |
| forms.js:25:23:25:34 | values.email |
| forms.js:28:20:28:25 | values |
| forms.js:28:20:28:25 | values |
| forms.js:29:23:29:28 | values |
| forms.js:29:23:29:34 | values.email |
| forms.js:29:23:29:34 | values.email |
| forms.js:34:11:34:53 | values |
| forms.js:34:13:34:18 | values |
| forms.js:34:13:34:18 | values |
| forms.js:35:19:35:24 | values |
| forms.js:35:19:35:30 | values.email |
| forms.js:35:19:35:30 | values.email |
| forms.js:44:21:44:26 | values |
| forms.js:44:21:44:26 | values |
| forms.js:45:21:45:26 | values |
| forms.js:45:21:45:33 | values.stooge |
| forms.js:45:21:45:33 | values.stooge |
| forms.js:57:19:57:32 | e.target.value |
| forms.js:57:19:57:32 | e.target.value |
| forms.js:57:19:57:32 | e.target.value |
| forms.js:71:21:71:24 | data |
| forms.js:71:21:71:24 | data |
| forms.js:72:19:72:22 | data |
| forms.js:72:19:72:27 | data.name |
| forms.js:72:19:72:27 | data.name |
| forms.js:92:17:92:36 | values |
| forms.js:92:26:92:36 | getValues() |
| forms.js:92:26:92:36 | getValues() |
| forms.js:93:25:93:30 | values |
| forms.js:93:25:93:35 | values.name |
| forms.js:93:25:93:35 | values.name |
| forms.js:103:23:103:36 | e.target.value |
| forms.js:103:23:103:36 | e.target.value |
| forms.js:103:23:103:36 | e.target.value |
| forms.js:107:23:107:36 | e.target.value |
| forms.js:107:23:107:36 | e.target.value |
| forms.js:107:23:107:36 | e.target.value |
| xss-through-dom.js:2:16:2:34 | $("textarea").val() |
| xss-through-dom.js:2:16:2:34 | $("textarea").val() |
| xss-through-dom.js:2:16:2:34 | $("textarea").val() |
| xss-through-dom.js:4:16:4:40 | $(".som ... .text() |
| xss-through-dom.js:4:16:4:40 | $(".som ... .text() |
| xss-through-dom.js:4:16:4:40 | $(".som ... .text() |
| xss-through-dom.js:8:16:8:53 | $(".som ... arget") |
| xss-through-dom.js:8:16:8:53 | $(".som ... arget") |
| xss-through-dom.js:8:16:8:53 | $(".som ... arget") |
| xss-through-dom.js:11:3:11:42 | documen ... nerText |
| xss-through-dom.js:11:3:11:42 | documen ... nerText |
| xss-through-dom.js:11:3:11:42 | documen ... nerText |
| xss-through-dom.js:19:3:19:44 | documen ... Content |
| xss-through-dom.js:19:3:19:44 | documen ... Content |
| xss-through-dom.js:19:3:19:44 | documen ... Content |
| xss-through-dom.js:23:3:23:48 | documen ... ].value |
| xss-through-dom.js:23:3:23:48 | documen ... ].value |
| xss-through-dom.js:23:3:23:48 | documen ... ].value |
| xss-through-dom.js:27:3:27:61 | documen ... arget') |
| xss-through-dom.js:27:3:27:61 | documen ... arget') |
| xss-through-dom.js:27:3:27:61 | documen ... arget') |
| xss-through-dom.js:51:30:51:48 | $("textarea").val() |
| xss-through-dom.js:51:30:51:48 | $("textarea").val() |
| xss-through-dom.js:51:30:51:48 | $("textarea").val() |
| xss-through-dom.js:54:31:54:49 | $("textarea").val() |
| xss-through-dom.js:54:31:54:49 | $("textarea").val() |
| xss-through-dom.js:54:31:54:49 | $("textarea").val() |
| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name |
| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name |
| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name |
| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") |
| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") |
| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") |
| xss-through-dom.js:61:30:61:69 | $(docum ... value") |
| xss-through-dom.js:61:30:61:69 | $(docum ... value") |
| xss-through-dom.js:61:30:61:69 | $(docum ... value") |
| xss-through-dom.js:64:30:64:40 | valMethod() |
| xss-through-dom.js:64:30:64:40 | valMethod() |
| xss-through-dom.js:64:30:64:40 | valMethod() |
| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name |
| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name |
| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name |
| xss-through-dom.js:73:9:73:41 | selector |
| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name |
| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name |
| xss-through-dom.js:77:4:77:11 | selector |
| xss-through-dom.js:77:4:77:11 | selector |
| xss-through-dom.js:79:4:79:34 | documen ... t.value |
| xss-through-dom.js:79:4:79:34 | documen ... t.value |
| xss-through-dom.js:79:4:79:34 | documen ... t.value |
| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') |
| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') |
| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') |
| xss-through-dom.js:84:8:84:30 | text |
| xss-through-dom.js:84:15:84:30 | $("text").text() |
| xss-through-dom.js:84:15:84:30 | $("text").text() |
| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) |
| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) |
| xss-through-dom.js:86:33:86:36 | text |
| xss-through-dom.js:87:16:87:40 | new ans ... s(text) |
| xss-through-dom.js:87:16:87:40 | new ans ... s(text) |
| xss-through-dom.js:87:36:87:39 | text |
| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value |
| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value |
| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value |
| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value |
| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value |
| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value |
| xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" |
| xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" |
| xss-through-dom.js:109:45:109:55 | this.el.src |
| xss-through-dom.js:109:45:109:55 | this.el.src |
edges
| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo |
| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo |
| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values |
| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values |
| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar |
| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar |
| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values |
| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values |
| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email |
| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email |
| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values |
| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values |
| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email |
| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email |
| forms.js:34:11:34:53 | values | forms.js:35:19:35:24 | values |
| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values |
| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values |
| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email |
| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email |
| forms.js:44:21:44:26 | values | forms.js:45:21:45:26 | values |
| forms.js:44:21:44:26 | values | forms.js:45:21:45:26 | values |
| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge |
| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge |
| forms.js:57:19:57:32 | e.target.value | forms.js:57:19:57:32 | e.target.value |
| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data |
| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data |
| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name |
| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name |
| forms.js:92:17:92:36 | values | forms.js:93:25:93:30 | values |
| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values |
| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values |
| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name |
| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name |
| forms.js:103:23:103:36 | e.target.value | forms.js:103:23:103:36 | e.target.value |
| forms.js:107:23:107:36 | e.target.value | forms.js:107:23:107:36 | e.target.value |
| xss-through-dom.js:2:16:2:34 | $("textarea").val() | xss-through-dom.js:2:16:2:34 | $("textarea").val() |
| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | xss-through-dom.js:4:16:4:40 | $(".som ... .text() |
| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | xss-through-dom.js:8:16:8:53 | $(".som ... arget") |
| xss-through-dom.js:11:3:11:42 | documen ... nerText | xss-through-dom.js:11:3:11:42 | documen ... nerText |
| xss-through-dom.js:19:3:19:44 | documen ... Content | xss-through-dom.js:19:3:19:44 | documen ... Content |
| xss-through-dom.js:23:3:23:48 | documen ... ].value | xss-through-dom.js:23:3:23:48 | documen ... ].value |
| xss-through-dom.js:27:3:27:61 | documen ... arget') | xss-through-dom.js:27:3:27:61 | documen ... arget') |
| xss-through-dom.js:51:30:51:48 | $("textarea").val() | xss-through-dom.js:51:30:51:48 | $("textarea").val() |
| xss-through-dom.js:54:31:54:49 | $("textarea").val() | xss-through-dom.js:54:31:54:49 | $("textarea").val() |
| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name |
| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") |
| xss-through-dom.js:61:30:61:69 | $(docum ... value") | xss-through-dom.js:61:30:61:69 | $(docum ... value") |
| xss-through-dom.js:64:30:64:40 | valMethod() | xss-through-dom.js:64:30:64:40 | valMethod() |
| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name |
| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector |
| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector |
| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector |
| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector |
| xss-through-dom.js:79:4:79:34 | documen ... t.value | xss-through-dom.js:79:4:79:34 | documen ... t.value |
| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | xss-through-dom.js:81:17:81:43 | $('#foo ... rText') |
| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:86:33:86:36 | text |
| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:87:36:87:39 | text |
| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text |
| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text |
| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) |
| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) |
| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) |
| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) |
| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | xss-through-dom.js:93:16:93:46 | $("#foo ... ].value |
| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | xss-through-dom.js:96:17:96:47 | $("#foo ... ].value |
| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" |
| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" |
| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" |
| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" |
#select
| forms.js:9:31:9:40 | values.foo | forms.js:8:23:8:28 | values | forms.js:9:31:9:40 | values.foo | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:8:23:8:28 | values | DOM text |
| forms.js:12:31:12:40 | values.bar | forms.js:11:24:11:29 | values | forms.js:12:31:12:40 | values.bar | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:11:24:11:29 | values | DOM text |
| forms.js:25:23:25:34 | values.email | forms.js:24:15:24:20 | values | forms.js:25:23:25:34 | values.email | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:24:15:24:20 | values | DOM text |
| forms.js:29:23:29:34 | values.email | forms.js:28:20:28:25 | values | forms.js:29:23:29:34 | values.email | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:28:20:28:25 | values | DOM text |
| forms.js:35:19:35:30 | values.email | forms.js:34:13:34:18 | values | forms.js:35:19:35:30 | values.email | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:34:13:34:18 | values | DOM text |
| forms.js:45:21:45:33 | values.stooge | forms.js:44:21:44:26 | values | forms.js:45:21:45:33 | values.stooge | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:44:21:44:26 | values | DOM text |
| forms.js:57:19:57:32 | e.target.value | forms.js:57:19:57:32 | e.target.value | forms.js:57:19:57:32 | e.target.value | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:57:19:57:32 | e.target.value | DOM text |
| forms.js:72:19:72:27 | data.name | forms.js:71:21:71:24 | data | forms.js:72:19:72:27 | data.name | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:71:21:71:24 | data | DOM text |
| forms.js:93:25:93:35 | values.name | forms.js:92:26:92:36 | getValues() | forms.js:93:25:93:35 | values.name | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:92:26:92:36 | getValues() | DOM text |
| forms.js:103:23:103:36 | e.target.value | forms.js:103:23:103:36 | e.target.value | forms.js:103:23:103:36 | e.target.value | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:103:23:103:36 | e.target.value | DOM text |
| forms.js:107:23:107:36 | e.target.value | forms.js:107:23:107:36 | e.target.value | forms.js:107:23:107:36 | e.target.value | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:107:23:107:36 | e.target.value | DOM text |
| xss-through-dom.js:2:16:2:34 | $("textarea").val() | xss-through-dom.js:2:16:2:34 | $("textarea").val() | xss-through-dom.js:2:16:2:34 | $("textarea").val() | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:2:16:2:34 | $("textarea").val() | DOM text |
| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | xss-through-dom.js:4:16:4:40 | $(".som ... .text() | xss-through-dom.js:4:16:4:40 | $(".som ... .text() | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:4:16:4:40 | $(".som ... .text() | DOM text |
| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | xss-through-dom.js:8:16:8:53 | $(".som ... arget") | xss-through-dom.js:8:16:8:53 | $(".som ... arget") | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:8:16:8:53 | $(".som ... arget") | DOM text |
| xss-through-dom.js:11:3:11:42 | documen ... nerText | xss-through-dom.js:11:3:11:42 | documen ... nerText | xss-through-dom.js:11:3:11:42 | documen ... nerText | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:11:3:11:42 | documen ... nerText | DOM text |
| xss-through-dom.js:19:3:19:44 | documen ... Content | xss-through-dom.js:19:3:19:44 | documen ... Content | xss-through-dom.js:19:3:19:44 | documen ... Content | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:19:3:19:44 | documen ... Content | DOM text |
| xss-through-dom.js:23:3:23:48 | documen ... ].value | xss-through-dom.js:23:3:23:48 | documen ... ].value | xss-through-dom.js:23:3:23:48 | documen ... ].value | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:23:3:23:48 | documen ... ].value | DOM text |
| xss-through-dom.js:27:3:27:61 | documen ... arget') | xss-through-dom.js:27:3:27:61 | documen ... arget') | xss-through-dom.js:27:3:27:61 | documen ... arget') | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:27:3:27:61 | documen ... arget') | DOM text |
| xss-through-dom.js:51:30:51:48 | $("textarea").val() | xss-through-dom.js:51:30:51:48 | $("textarea").val() | xss-through-dom.js:51:30:51:48 | $("textarea").val() | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:51:30:51:48 | $("textarea").val() | DOM text |
| xss-through-dom.js:54:31:54:49 | $("textarea").val() | xss-through-dom.js:54:31:54:49 | $("textarea").val() | xss-through-dom.js:54:31:54:49 | $("textarea").val() | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:54:31:54:49 | $("textarea").val() | DOM text |
| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | DOM text |
| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | DOM text |
| xss-through-dom.js:61:30:61:69 | $(docum ... value") | xss-through-dom.js:61:30:61:69 | $(docum ... value") | xss-through-dom.js:61:30:61:69 | $(docum ... value") | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:61:30:61:69 | $(docum ... value") | DOM text |
| xss-through-dom.js:64:30:64:40 | valMethod() | xss-through-dom.js:64:30:64:40 | valMethod() | xss-through-dom.js:64:30:64:40 | valMethod() | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:64:30:64:40 | valMethod() | DOM text |
| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | DOM text |
| xss-through-dom.js:77:4:77:11 | selector | xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:77:4:77:11 | selector | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | DOM text |
| xss-through-dom.js:79:4:79:34 | documen ... t.value | xss-through-dom.js:79:4:79:34 | documen ... t.value | xss-through-dom.js:79:4:79:34 | documen ... t.value | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:79:4:79:34 | documen ... t.value | DOM text |
| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | DOM text |
| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:84:15:84:30 | $("text").text() | DOM text |
| xss-through-dom.js:87:16:87:40 | new ans ... s(text) | xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:87:16:87:40 | new ans ... s(text) | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:84:15:84:30 | $("text").text() | DOM text |
| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | DOM text |
| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | DOM text |
| xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "<a src ... oo</a>" | $@ is reinterpreted as HTML without escaping meta-characters. | xss-through-dom.js:109:45:109:55 | this.el.src | DOM text |
Reference in New Issue View Git Blame Copy Permalink