mirror of
https://github.com/github/codeql.git
synced 2025-12-23 12:16:33 +01:00
20 lines
535 B
JavaScript
20 lines
535 B
JavaScript
function escapeHtml(s) {
|
|
return s.toString()
|
|
.replace(/&/g, '&')
|
|
.replace(/</g, '<')
|
|
.replace(/>/g, '>');
|
|
}
|
|
|
|
function escapeAttr(s) {
|
|
return s.toString()
|
|
.replace(/'/g, '%22')
|
|
.replace(/"/g, '%27');
|
|
}
|
|
|
|
function test() {
|
|
var tainted = window.name;
|
|
var elt = document.createElement();
|
|
elt.innerHTML = "<a href=\"" + escapeAttr(tainted) + "\">" + escapeHtml(tainted) + "</a>"; // OK
|
|
elt.innerHTML = "<div>" + escapeAttr(tainted) + "</div>"; // NOT OK, but not flagged
|
|
}
|