hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/react-use-state.js
Asger F 64d39da5f8 JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00

34 lines
1000 B
JavaScript
Raw Blame History

import { useState } from 'react';
function initialState() {
let [state, setState] = useState(window.name); // $ Source
return <div dangerouslySetInnerHTML={{__html: state}}></div>; // $ Alert
}
function setStateValue() {
let [state, setState] = useState('foo');
setState(window.name); // $ Source
return <div dangerouslySetInnerHTML={{__html: state}}></div>; // $ Alert
}
function setStateValueLazy() {
let [state, setState] = useState('foo');
setState(() => window.name); // $ Source
return <div dangerouslySetInnerHTML={{__html: state}}></div>; // $ Alert
}
function setStateValueLazy() {
let [state, setState] = useState('foo');
setState(prev => {
document.body.innerHTML = prev; // $ Alert
})
setState(() => window.name); // $ Source
}
function setStateValueSafe() {
let [state, setState] = useState('foo');
setState('safe');
setState(() => 'also safe');
return <div dangerouslySetInnerHTML={{__html: state}}></div>;
}
Reference in New Issue View Git Blame Copy Permalink