codeql/javascript/ql/test/query-tests/Security/CWE-611/domparser.js

/**
 * CodeQL test fixture for the XXE query (CWE-611).
 *
 * Parses a URL-controlled string (`document.location.search`) with the
 * browser's DOMParser when it is available, otherwise with the legacy MSXML
 * ActiveX parsers. The `// $ Source` / `// $ Alert` comments are the query's
 * inline expectations and must stay on the statements they annotate: the
 * DOMParser call is the expected negative (it only expands internal general
 * entities), the two loadXML calls are the expected positives (those parsers
 * expand external entities by default).
 *
 * @returns {undefined}
 */
function test() {
  const src = document.location.search; // $ Source=search
  if (!window.DOMParser) {
    // Legacy path: MSXML via ActiveX, falling back to the second ProgID
    // when the first one is unavailable.
    try {
      (new ActiveXObject("Microsoft.XMLDOM")).loadXML(src); // $ Alert=search // $ Alert - XMLDOM expands external entities by default
    } catch (e) {
      (new ActiveXObject("Msxml2.DOMDocument")).loadXML(src); // $ Alert=search // $ Alert - MSXML expands external entities by default
    }
    return;
  }
  // OK - DOMParser only expands internal general entities
  new DOMParser().parseFromString(src, 'text/xml');
}