mirror of
https://github.com/github/codeql.git
synced 2026-04-27 09:45:15 +02:00
10 lines
351 B
JavaScript
10 lines
351 B
JavaScript
var foo = document.getElementById("foo");
|
|
var data = JSON.parse(decodeURIComponent(window.location.search.substr(1)));
|
|
|
|
foo.setAttribute("src", data.src); // NOT OK
|
|
foo.setAttribute("HREF", data.p); // NOT OK
|
|
foo.setAttribute("width", data.w); // OK
|
|
|
|
for (var p in data)
|
|
foo.setAttribute(p, data[p]); // not flagged since attribute name is unknown
|