codeql/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-native.js

import express from 'express';
import { WebView } from 'react-native';

var app = express();

app.get('/some/path', function(req, res) {
  let tainted = req.param("code"); // $ Source
  <WebView html={tainted}/>;            // $ Alert
  <WebView source={{html: tainted}}/>;  // $ Alert
});