Files
codeql/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/angular-tempate-url.js
Asger F 9ee7599aeb JS: Move AngularJSTemplateUrlSink to ClientSideUrlRedirection query
This is not perfect but at least we can be consistent about keeping URLs-that-lead-to-xss in the same query
2024-08-16 14:37:13 +02:00

16 lines
353 B
JavaScript

angular.module('myApp', [])
.directive('myCustomer', function() {
return {
templateUrl: "SAFE" // OK
}
})
.directive('myCustomer', function() {
return {
templateUrl: Cookie.get("unsafe") // NOT OK
}
});
addEventListener('message', (ev) => {
Cookie.set("unsafe", ev.data);
});