hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-router.js
Asger F 9be041e27d JS: Update OK-style comments to $-style
2025-02-28 13:27:28 +01:00

38 lines
969 B
JavaScript
Raw Blame History

import { useRouter } from 'next/router'
export function nextRouter() {
const router = useRouter();
return (
<div>
<span onClick={() => {
router.push(router.query.foobar) // $ Alert
}}>Click to XSS 1</span>
<span onClick={() => {
router.replace(router.query.foobar) // $ Alert
}}>Click to XSS 2</span>
<span onClick={() => {
router.push('/?foobar=' + router.query.foobar)
}}>Safe Link</span>
</div>
)
}
import { withRouter } from 'next/router'
function Page({ router }) {
return <span onClick={() => router.push(router.query.foobar)}>Click to XSS 3</span> // $ Alert
}
export const pageWithRouter = withRouter(Page);
import { myUseRouter } from './react-use-router-lib';
export function nextRouterWithLib() {
const router = myUseRouter()
return (
<div>
<span onClick={() => {
router.push(router.query.foobar) // $ Alert
}}>Click to XSS 1</span>
</div>
)
}
Reference in New Issue View Git Blame Copy Permalink