
/**
 * Fixture for the DOM-based XSS query: the same tainted value (the URL query
 * string) is written with jQuery's .html() both before and after a conditional
 * DOMPurify.sanitize() call.
 *
 * The trailing `// $ Source` / `// $ Alert` comments are the test harness's
 * expected-result annotations; lines without one are expected NOT to alert.
 * `sanitize`, `$`, `document` and `DOMPurify` are not declared in this file
 * (presumably globals supplied by the page; only the data flow matters here).
 */
function test() {
  var target = document.location.search // $ Source
  // Sanitized on one branch of the conditional only: no alert expected.
  $('myId').html(sanitize ? DOMPurify.sanitize(target) : target);
  // Raw sink on the untouched source.
  $('myId').html(target); // $ Alert
  var tainted = target;
  $('myId').html(tainted); // $ Alert
  if (sanitize) {
    tainted = DOMPurify.sanitize(tainted);
  }
  // After the conditional reassignment the fixture expects no alert, even
  // though the `sanitize` false path leaves the value raw (optional sanitizer).
  $('myId').html(tainted);
  inner(target);
  // Same pattern, but the conditional sanitization is applied to a parameter
  // of a nested function rather than a local variable.
  function inner(x) {
    $('myId').html(x); // $ Alert
    if (sanitize) {
      x = DOMPurify.sanitize(x);
    }
    $('myId').html(x);
  }
}
/**
 * Counterpart fixture: the conditionally applied "sanitizer" is a locally
 * defined identity function, so every .html() sink is still expected to
 * alert. Unlike DOMPurify.sanitize() in test() above, a pass-through helper
 * must not clear taint, whether called through a variable or inline.
 *
 * The trailing `// $ Source` / `// $ Alert` comments are harness expectations.
 */
function badSanitizer() {
  var target = document.location.search // $ Source
  // Returns its input untouched; named like a sanitizer but does nothing.
  function sanitizeBad(x) {
    return x; // No sanitization;
  }
  var tainted2 = target;
  $('myId').html(tainted2); // $ Alert
  if (sanitize) {
    tainted2 = sanitizeBad(tainted2);
  }
  // Still tainted after the identity call: alert expected.
  $('myId').html(tainted2); // $ Alert
  // Second copy of the same pattern on a fresh variable.
  var tainted3 = target;
  $('myId').html(tainted3); // $ Alert
  if (sanitize) {
    tainted3 = sanitizeBad(tainted3);
  }
  $('myId').html(tainted3); // $ Alert
  // Inline conditional form of the same non-sanitizing call.
  $('myId').html(sanitize ? sanitizeBad(target) : target); // $ Alert
}