hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/stored-xss.js
Asger F 64d39da5f8 JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00

31 lines
979 B
JavaScript
Raw Blame History

(function() {
sessionStorage.setItem('session', document.location.search); // $ Source
localStorage.setItem('local', document.location.search); // $ Source
$('myId').html(sessionStorage.getItem('session')); // $ Alert
$('myId').html(localStorage.getItem('session'));
$('myId').html(sessionStorage.getItem('local'));
$('myId').html(localStorage.getItem('local')); // $ Alert
var href = localStorage.getItem('local');
$('myId').html("<a href=\"" + href + ">foobar</a>"); // $ Alert
if (href.indexOf("\"") !== -1) {
return;
}
$('myId').html("<a href=\"" + href + "/>");
var href2 = localStorage.getItem('local');
if (href2.indexOf("\"") !== -1) {
return;
}
$('myId').html("\n<a href=\"" + href2 + ">foobar</a>");
var href3 = localStorage.getItem('local');
if (href3.indexOf("\"") !== -1) {
return;
}
$('myId').html('\r\n<a href="/' + href3 + '">' + "something" + '</a>');
});
Reference in New Issue View Git Blame Copy Permalink