import flask
from js2py import eval_js, disable_pyimport
# Flask blueprint named "app", mounted at the URL root ("/"); the /bad route
# defined further down in this file is registered on it.
bp = flask.Blueprint("app", __name__, url_prefix="/")
@bp.route("/bad")
def bad():
    """Evaluate the request's ``jk`` form field as JavaScript via Js2Py.

    Deliberately vulnerable fixture: the form value is client-controlled and
    is interpolated, unvalidated, into the script passed to ``eval_js``, so
    the client chooses the JavaScript that runs (code injection).

    The ``# $ Source`` / ``# $ Alert`` trailers look like analyzer
    test-expectation markers (taint source and expected finding); keep each
    on the line of the expression it annotates.
    """
    # Taint source: raw form data taken straight from the HTTP request.
    jk = flask.request.form["jk"]  # $ Source

    # The untrusted text becomes the leading part of the script; " f()" is
    # appended after it.
    script = f"{jk} f()"

    # NOTE(security): sink. `disable_pyimport` is imported by this file but is
    # not called in this handler, so Js2Py's `pyimport` statement stays
    # available to the evaluated script and it can reach Python modules.
    # Calling disable_pyimport() narrows that exposure but should not be
    # treated as a sandbox boundary; the defensive fix is to never evaluate
    # request data as code (dispatch on an allow-list of known operations).
    evaluated = eval_js(script)  # $ Alert