// Test fixture for DOM-based XSS detection: untrusted data from the URL query
// string flows into jQuery's `.html()`, which parses and inserts markup.
// The `// OK` / `// NOT OK` markers appear to be the expected query results
// for each sink, i.e. whether the analysis should report the call.
function test() {
  // Source: `document.location.search` is attacker-controlled (anyone can craft
  // a link with an arbitrary query string), so `target` is tainted.
  var target = document.location.search

  // Sanitization inline in the argument expression: the `sanitize` flag selects
  // between the DOMPurify-cleaned value and the raw value. Expected: not reported.
  $('myId').html(sanitize ? DOMPurify.sanitize(target) : target); // OK

  // Raw tainted value straight into the HTML sink. Expected: reported.
  $('myId').html(target); // NOT OK

  // Taint propagates through a plain variable copy.
  var tainted = target;
  $('myId').html(tainted); // NOT OK
  // Sanitization guarded by a runtime flag: `tainted` is only rewritten when
  // `sanitize` is truthy. Expected: the sink after the `if` is not reported.
  // NOTE(review): at run time a falsy `sanitize` still passes the raw value
  // through to `.html()` — this fixture records the analyzer's expected verdict
  // for the pattern, not a guarantee that the code is safe.
  if (sanitize) {
    tainted = DOMPurify.sanitize(tainted);
  }
  $('myId').html(tainted); // OK

  // Same pattern, but the tainted value crosses a function boundary first
  // (`inner` is hoisted, so calling it before its declaration is fine).
  inner(target);
  function inner(x) {
    // Parameter `x` carries the taint from `target`. Expected: reported.
    $('myId').html(x); // NOT OK
    // Guarded sanitization of the parameter, mirroring the `tainted` case above.
    if (sanitize) {
      x = DOMPurify.sanitize(x);
    }
    $('myId').html(x); // OK
  }
}
// Test fixture: a "sanitizer" that does not actually sanitize must not be
// treated as one. Every sink below receives the original tainted value, so the
// expected result is that all of them are reported.
function badSanitizer() {
  // Source: attacker-controlled URL query string.
  var target = document.location.search

  // Identity function — returns its input untouched. Nothing about the name
  // should make the analysis (or a reader) assume the result is safe.
  function sanitizeBad(x) {
    return x; // No sanitization;
  }

  // Guarded call to the fake sanitizer: `tainted2` is still the raw value on
  // both paths, so the sink after the `if` remains an XSS sink.
  var tainted2 = target;
  $('myId').html(tainted2); // NOT OK
  if (sanitize) {
    tainted2 = sanitizeBad(tainted2);
  }
  $('myId').html(tainted2); // NOT OK

  // Second copy of the same pattern on a fresh variable; the verdict must be
  // the same as for `tainted2`.
  var tainted3 = target;
  $('myId').html(tainted3); // NOT OK
  if (sanitize) {
    tainted3 = sanitizeBad(tainted3);
  }
  $('myId').html(tainted3); // NOT OK

  // Inline ternary through the fake sanitizer: both branches yield the raw
  // value, unlike the DOMPurify ternary in `test()`.
  $('myId').html(sanitize ? sanitizeBad(target) : target); // NOT OK
}