hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/jwt-server.js
Asger F 64d39da5f8 JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00

13 lines
364 B
JavaScript
Raw Blame History

var express = require('express');
var app = express();
import jwt from "jsonwebtoken";
import { JSDOM } from "jsdom";
app.get('/some/path', function (req, res) {
var taint = req.param("wobble"); // $ Source
jwt.verify(taint, 'my-secret-key', function (err, decoded) {
new JSDOM(decoded.foo, { runScripts: "dangerously" }); // $ Alert
});
});
Reference in New Issue View Git Blame Copy Permalink