mirror of
https://github.com/github/codeql.git
synced 2025-12-17 09:13:20 +01:00
25 lines
1.3 KiB
JavaScript
25 lines
1.3 KiB
JavaScript
angular.module('myApp', [])
|
|
.config(function($sceDelegateProvider) {
|
|
$sceDelegateProvider.resourceUrlWhitelist([
|
|
"**://example.com/*", // $ RelatedLocation - (exploit: http://evil.com/?ignore=://example.org/a or javascript:alert(1);://example.org/a)
|
|
"*://example.org/*", // $ RelatedLocation - (exploit: javascript://example.org/a%0A%0Dalert(1) using a linebreak to end the comment starting with "//"!)
|
|
"https://**.example.com/*", // $ RelatedLocation - exploit: https://evil.com/?ignore=://example.com/a
|
|
"https://example.**", // $ RelatedLocation - exploit: https://example.evil.com or http://example.:foo@evil.com
|
|
"https://example.*", // $ RelatedLocation - exploit: https://example.UnexpectedTLD
|
|
|
|
"https://example.com",
|
|
"https://example.com/**",
|
|
"https://example.com/*",
|
|
"https://example.com/foo/*",
|
|
"https://example.com/foo/**",
|
|
"https://example.com/foo/*/bar",
|
|
"https://example.com/foo/**/bar",
|
|
"https://example.com/?**",
|
|
"https://example.com/?**://example.com",
|
|
"https://*.example.com",
|
|
|
|
// not flagged:
|
|
/http:\/\/www.example.org/g // $ MISSING: RelatedLocation - (exploit http://wwwaexample.org (dots are not escaped))
|
|
]); // $ Alert
|
|
});
|