hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
66737402c20fc83b3d3a654dcccf4b26c901b100
codeql/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/etherpad.js
Asger F 64d39da5f8 JS: Accept Sources/Sink tags
2025-02-28 13:29:30 +01:00

13 lines
326 B
JavaScript
Raw Blame History

let express = require('express');
let isVarName = require('is-var-name');
let app = express();
app.get("/some/path", (req, res) => {
let response = "Hello, world!";
if(req.query.jsonp && isVarName(req.query.jsonp))
response = req.query.jsonp + "(" + response + ")"; // $ Source
res.send(response); // $ Alert
});
Reference in New Issue View Git Blame Copy Permalink