hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/sanitiser.js
Asger F 64d39da5f8 JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00

50 lines
1.4 KiB
JavaScript
Raw Blame History

function escapeHtml(s) {
var amp = /&/g, lt = /</g, gt = />/g;
return s.toString()
.replace(amp, '&amp;')
.replace(lt, '&lt;')
.replace(gt, '&gt;');
}
function escapeAttr(s) {
return s.toString()
.replace(/'/g, '%22')
.replace(/"/g, '%27');
}
function test() {
var tainted = window.name; // $ Source
var elt = document.createElement();
elt.innerHTML = "<a href=\"" + escapeAttr(tainted) + "\">" + escapeHtml(tainted) + "</a>";
elt.innerHTML = "<div>" + escapeAttr(tainted) + "</div>"; // $ MISSING: Alert - not flagged -
const regex = /[<>'"&]/;
if (regex.test(tainted)) {
elt.innerHTML = '<b>' + tainted + '</b>'; // $ Alert
} else {
elt.innerHTML = '<b>' + tainted + '</b>';
}
if (!regex.test(tainted)) {
elt.innerHTML = '<b>' + tainted + '</b>';
} else {
elt.innerHTML = '<b>' + tainted + '</b>'; // $ Alert
}
if (regex.exec(tainted)) {
elt.innerHTML = '<b>' + tainted + '</b>'; // $ Alert
} else {
elt.innerHTML = '<b>' + tainted + '</b>';
}
if (regex.exec(tainted) != null) {
elt.innerHTML = '<b>' + tainted + '</b>'; // $ Alert
} else {
elt.innerHTML = '<b>' + tainted + '</b>';
}
if (regex.exec(tainted) == null) {
elt.innerHTML = '<b>' + tainted + '</b>';
} else {
elt.innerHTML = '<b>' + tainted + '</b>'; // $ Alert
}
elt.innerHTML = tainted.replace(/<\w+/g, ''); // $ Alert
}
Reference in New Issue View Git Blame Copy Permalink