hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-26 09:18:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d63df71a8a94de5735d23769d9b7970af85da987
codeql/javascript/ql/test/query-tests/Security/CWE-079/StoredXss.expected

426 lines
25 KiB
Plaintext
Raw Blame History

nodes
| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| ReflectedXss.js:8:33:8:45 | req.params.id |
| addEventListener.js:1:43:1:47 | event |
| addEventListener.js:2:20:2:24 | event |
| addEventListener.js:2:20:2:29 | event.data |
| etherpad.js:9:5:9:53 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp |
| etherpad.js:9:16:9:36 | req.que ... p + "(" |
| etherpad.js:9:16:9:47 | req.que ... esponse |
| etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:11:3:11:3 | response |
| etherpad.js:11:12:11:19 | response |
| formatting.js:4:9:4:29 | evil |
| formatting.js:4:16:4:29 | req.query.evil |
| formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:6:43:6:46 | evil |
| formatting.js:7:14:7:53 | require ... , evil) |
| formatting.js:7:49:7:52 | evil |
| jquery.js:2:7:2:40 | tainted |
| jquery.js:2:17:2:33 | document.location |
| jquery.js:2:17:2:40 | documen ... .search |
| jquery.js:4:5:4:11 | tainted |
| jquery.js:7:5:7:26 | "<div i ... tainted |
| jquery.js:7:5:7:34 | "<div i ... + "\\">" |
| jquery.js:7:20:7:26 | tainted |
| jquery.js:8:18:8:34 | "XSS: " + tainted |
| jquery.js:8:28:8:34 | tainted |
| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
| nodemailer.js:13:50:13:66 | req.query.message |
| partial.js:9:25:9:25 | x |
| partial.js:10:14:10:14 | x |
| partial.js:10:14:10:18 | x + y |
| partial.js:13:42:13:48 | req.url |
| partial.js:18:25:18:25 | x |
| partial.js:19:14:19:14 | x |
| partial.js:19:14:19:18 | x + y |
| partial.js:22:51:22:57 | req.url |
| partial.js:27:25:27:25 | x |
| partial.js:28:14:28:14 | x |
| partial.js:28:14:28:18 | x + y |
| partial.js:31:47:31:53 | req.url |
| partial.js:36:25:36:25 | x |
| partial.js:37:14:37:14 | x |
| partial.js:37:14:37:18 | x + y |
| partial.js:40:43:40:49 | req.url |
| promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data |
| promises.js:6:11:6:11 | x |
| promises.js:6:11:6:11 | x |
| promises.js:6:25:6:25 | x |
| promises.js:6:25:6:25 | x |
| react-native.js:7:7:7:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") |
| react-native.js:8:18:8:24 | tainted |
| react-native.js:9:27:9:33 | tainted |
| stored-xss.js:2:39:2:55 | document.location |
| stored-xss.js:2:39:2:62 | documen ... .search |
| stored-xss.js:3:35:3:51 | document.location |
| stored-xss.js:3:35:3:58 | documen ... .search |
| stored-xss.js:5:20:5:52 | session ... ssion') |
| stored-xss.js:8:20:8:48 | localSt ... local') |
| string-manipulations.js:3:16:3:32 | document.location |
| string-manipulations.js:4:16:4:32 | document.location |
| string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:5:16:5:32 | document.location |
| string-manipulations.js:5:16:5:37 | documen ... on.href |
| string-manipulations.js:5:16:5:47 | documen ... lueOf() |
| string-manipulations.js:6:16:6:32 | document.location |
| string-manipulations.js:6:16:6:37 | documen ... on.href |
| string-manipulations.js:6:16:6:43 | documen ... f.sup() |
| string-manipulations.js:7:16:7:32 | document.location |
| string-manipulations.js:7:16:7:37 | documen ... on.href |
| string-manipulations.js:7:16:7:51 | documen ... rCase() |
| string-manipulations.js:8:16:8:32 | document.location |
| string-manipulations.js:8:16:8:37 | documen ... on.href |
| string-manipulations.js:8:16:8:48 | documen ... mLeft() |
| string-manipulations.js:9:16:9:58 | String. ... n.href) |
| string-manipulations.js:9:36:9:52 | document.location |
| string-manipulations.js:9:36:9:57 | documen ... on.href |
| string-manipulations.js:10:16:10:45 | String( ... n.href) |
| string-manipulations.js:10:23:10:39 | document.location |
| string-manipulations.js:10:23:10:44 | documen ... on.href |
| translate.js:6:7:6:39 | target |
| translate.js:6:16:6:32 | document.location |
| translate.js:6:16:6:39 | documen ... .search |
| translate.js:7:42:7:47 | target |
| translate.js:7:42:7:60 | target.substring(1) |
| translate.js:9:27:9:50 | searchP ... 'term') |
| tst2.js:6:7:6:30 | p |
| tst2.js:6:7:6:30 | r |
| tst2.js:6:9:6:9 | p |
| tst2.js:6:12:6:15 | q: r |
| tst2.js:7:12:7:12 | p |
| tst2.js:8:12:8:12 | r |
| tst.js:2:7:2:39 | target |
| tst.js:2:16:2:32 | document.location |
| tst.js:2:16:2:39 | documen ... .search |
| tst.js:5:18:5:23 | target |
| tst.js:8:18:8:114 | "<OPTIO ... t=")+8) |
| tst.js:8:18:8:126 | "<OPTIO ... PTION>" |
| tst.js:8:37:8:53 | document.location |
| tst.js:8:37:8:58 | documen ... on.href |
| tst.js:8:37:8:114 | documen ... t=")+8) |
| tst.js:12:5:12:33 | '<div s ... target |
| tst.js:12:5:12:42 | '<div s ... 'px">' |
| tst.js:12:28:12:33 | target |
| tst.js:19:25:19:41 | document.location |
| tst.js:20:18:20:35 | params.get('name') |
| tst.js:23:42:23:47 | target |
| tst.js:23:42:23:60 | target.substring(1) |
| tst.js:24:18:24:41 | searchP ... 'name') |
| tst.js:27:14:27:19 | target |
| tst.js:29:18:29:23 | target |
| tst.js:31:5:31:21 | document.location |
| tst.js:31:5:31:28 | documen ... .search |
| tst.js:34:10:34:26 | document.location |
| tst.js:34:10:34:33 | documen ... .search |
| tst.js:37:16:37:20 | bar() |
| tst.js:43:16:43:44 | baz(doc ... search) |
| tst.js:43:20:43:36 | document.location |
| tst.js:43:20:43:43 | documen ... .search |
| tst.js:49:16:49:45 | wrap(do ... search) |
| tst.js:49:21:49:37 | document.location |
| tst.js:49:21:49:44 | documen ... .search |
| tst.js:57:16:57:45 | chop(do ... search) |
| tst.js:57:21:57:37 | document.location |
| tst.js:57:21:57:44 | documen ... .search |
| tst.js:59:16:59:45 | chop(do ... search) |
| tst.js:59:21:59:37 | document.location |
| tst.js:59:21:59:44 | documen ... .search |
| tst.js:61:16:61:32 | wrap(chop(bar())) |
| tst.js:61:21:61:31 | chop(bar()) |
| tst.js:61:26:61:30 | bar() |
| tst.js:63:34:63:34 | s |
| tst.js:65:18:65:18 | s |
| tst.js:67:25:67:41 | document.location |
| tst.js:67:25:67:48 | documen ... .search |
| tst.js:68:25:68:41 | document.location |
| tst.js:68:25:68:48 | documen ... .search |
| tst.js:71:16:71:20 | bar() |
| tst.js:73:1:73:27 | [,docum ... search] |
| tst.js:73:3:73:19 | document.location |
| tst.js:73:3:73:26 | documen ... .search |
| tst.js:73:46:73:46 | x |
| tst.js:74:7:74:7 | x |
| tst.js:76:20:76:20 | x |
| tst.js:80:49:80:65 | document.location |
| tst.js:80:49:80:72 | documen ... .search |
| tst.js:84:26:84:42 | document.location |
| tst.js:84:26:84:49 | documen ... .search |
| tst.js:85:25:85:41 | document.location |
| tst.js:85:25:85:48 | documen ... .search |
| tst.js:87:33:87:49 | document.location |
| tst.js:87:33:87:56 | documen ... .search |
| tst.js:88:32:88:48 | document.location |
| tst.js:88:32:88:55 | documen ... .search |
| tst.js:93:39:93:55 | document.location |
| tst.js:93:39:93:62 | documen ... .search |
| tst.js:99:30:99:46 | document.location |
| tst.js:99:30:99:53 | documen ... .search |
| tst.js:105:25:105:41 | document.location |
| tst.js:105:25:105:48 | documen ... .search |
| tst.js:110:7:110:44 | v |
| tst.js:110:11:110:27 | document.location |
| tst.js:110:11:110:34 | documen ... .search |
| tst.js:110:11:110:44 | documen ... bstr(1) |
| tst.js:113:18:113:18 | v |
| tst.js:145:29:145:43 | window.location |
| tst.js:145:29:145:50 | window. ... .search |
| tst.js:148:29:148:29 | v |
| tst.js:148:49:148:49 | v |
| tst.js:152:29:152:46 | xssSourceService() |
| tst.js:155:40:155:54 | window.location |
| tst.js:155:40:155:61 | window. ... .search |
| tst.js:174:9:174:41 | target |
| tst.js:174:18:174:34 | document.location |
| tst.js:174:18:174:41 | documen ... .search |
| tst.js:177:28:177:33 | target |
| tst.js:181:9:181:42 | tainted |
| tst.js:181:19:181:35 | document.location |
| tst.js:181:19:181:42 | documen ... .search |
| tst.js:183:31:183:37 | tainted |
| tst.js:185:42:185:48 | tainted |
| tst.js:186:33:186:39 | tainted |
| tst.js:188:54:188:60 | tainted |
| tst.js:189:45:189:51 | tainted |
| tst.js:194:9:194:42 | tainted |
| tst.js:194:19:194:35 | document.location |
| tst.js:194:19:194:42 | documen ... .search |
| tst.js:196:67:196:73 | tainted |
| tst.js:197:67:197:73 | tainted |
| tst.js:200:20:200:19 | tainted |
| tst.js:201:35:201:41 | tainted |
| tst.js:203:27:203:26 | tainted |
| tst.js:203:46:203:52 | tainted |
| tst.js:204:38:204:44 | tainted |
| tst.js:205:35:205:41 | tainted |
| tst.js:209:28:209:46 | this.state.tainted1 |
| tst.js:210:28:210:46 | this.state.tainted2 |
| tst.js:211:28:211:46 | this.state.tainted3 |
| tst.js:215:32:215:49 | prevState.tainted4 |
| tst.js:222:28:222:46 | this.props.tainted1 |
| tst.js:223:28:223:46 | this.props.tainted2 |
| tst.js:224:28:224:46 | this.props.tainted3 |
| tst.js:228:32:228:49 | prevProps.tainted4 |
| tst.js:233:35:233:41 | tainted |
| tst.js:235:20:235:26 | tainted |
| tst.js:237:23:237:29 | tainted |
| tst.js:238:23:238:29 | tainted |
| tst.js:244:39:244:55 | props.propTainted |
| tst.js:248:60:248:82 | this.st ... Tainted |
| tst.js:252:23:252:29 | tainted |
| tst.js:256:7:256:17 | window.name |
| tst.js:257:7:257:10 | name |
| tst.js:261:11:261:21 | window.name |
| tst.js:272:9:272:32 | loc3 |
| tst.js:272:16:272:32 | document.location |
| tst.js:275:7:275:10 | loc3 |
| tst.js:277:22:277:29 | location |
| winjs.js:2:7:2:53 | tainted |
| winjs.js:2:17:2:33 | document.location |
| winjs.js:2:17:2:40 | documen ... .search |
| winjs.js:2:17:2:53 | documen ... ring(1) |
| winjs.js:3:43:3:49 | tainted |
| winjs.js:4:43:4:49 | tainted |
| xss-through-filenames.js:7:43:7:48 | files1 |
| xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 |
| xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:29:13:29:23 | files2 |
| xss-through-filenames.js:29:22:29:23 | [] |
| xss-through-filenames.js:30:34:30:37 | file |
| xss-through-filenames.js:31:25:31:28 | file |
| xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:35:13:35:35 | files3 |
| xss-through-filenames.js:35:22:35:35 | format(files2) |
| xss-through-filenames.js:35:29:35:34 | files2 |
| xss-through-filenames.js:37:19:37:24 | files3 |
edges
| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id |
| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event |
| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data |
| etherpad.js:9:5:9:53 | response | etherpad.js:11:3:11:3 | response |
| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:36 | req.que ... p + "(" |
| etherpad.js:9:16:9:36 | req.que ... p + "(" | etherpad.js:9:16:9:47 | req.que ... esponse |
| etherpad.js:9:16:9:47 | req.que ... esponse | etherpad.js:9:16:9:53 | req.que ... e + ")" |
| etherpad.js:9:16:9:53 | req.que ... e + ")" | etherpad.js:9:5:9:53 | response |
| etherpad.js:11:3:11:3 | response | etherpad.js:11:12:11:19 | response |
| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil |
| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil |
| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil |
| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) |
| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) |
| jquery.js:2:7:2:40 | tainted | jquery.js:4:5:4:11 | tainted |
| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted |
| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted |
| jquery.js:2:17:2:33 | document.location | jquery.js:2:17:2:40 | documen ... .search |
| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted |
| jquery.js:7:5:7:26 | "<div i ... tainted | jquery.js:7:5:7:34 | "<div i ... + "\\">" |
| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:26 | "<div i ... tainted |
| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted |
| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` |
| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x |
| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y |
| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x |
| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x |
| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y |
| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x |
| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x |
| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y |
| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x |
| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x |
| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y |
| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x |
| promises.js:5:3:5:59 | new Pro ... .data)) | promises.js:6:11:6:11 | x |
| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) |
| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x |
| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted |
| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted |
| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted |
| stored-xss.js:2:39:2:55 | document.location | stored-xss.js:2:39:2:62 | documen ... .search |
| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') |
| stored-xss.js:3:35:3:51 | document.location | stored-xss.js:3:35:3:58 | documen ... .search |
| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') |
| string-manipulations.js:4:16:4:32 | document.location | string-manipulations.js:4:16:4:37 | documen ... on.href |
| string-manipulations.js:5:16:5:32 | document.location | string-manipulations.js:5:16:5:37 | documen ... on.href |
| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() |
| string-manipulations.js:6:16:6:32 | document.location | string-manipulations.js:6:16:6:37 | documen ... on.href |
| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() |
| string-manipulations.js:7:16:7:32 | document.location | string-manipulations.js:7:16:7:37 | documen ... on.href |
| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() |
| string-manipulations.js:8:16:8:32 | document.location | string-manipulations.js:8:16:8:37 | documen ... on.href |
| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() |
| string-manipulations.js:9:36:9:52 | document.location | string-manipulations.js:9:36:9:57 | documen ... on.href |
| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) |
| string-manipulations.js:10:23:10:39 | document.location | string-manipulations.js:10:23:10:44 | documen ... on.href |
| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) |
| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target |
| translate.js:6:16:6:32 | document.location | translate.js:6:16:6:39 | documen ... .search |
| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target |
| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) |
| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') |
| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p |
| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r |
| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p |
| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r |
| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target |
| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target |
| tst.js:2:7:2:39 | target | tst.js:23:42:23:47 | target |
| tst.js:2:16:2:32 | document.location | tst.js:2:16:2:39 | documen ... .search |
| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target |
| tst.js:8:18:8:114 | "<OPTIO ... t=")+8) | tst.js:8:18:8:126 | "<OPTIO ... PTION>" |
| tst.js:8:37:8:53 | document.location | tst.js:8:37:8:58 | documen ... on.href |
| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) |
| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:114 | "<OPTIO ... t=")+8) |
| tst.js:12:5:12:33 | '<div s ... target | tst.js:12:5:12:42 | '<div s ... 'px">' |
| tst.js:12:28:12:33 | target | tst.js:12:5:12:33 | '<div s ... target |
| tst.js:19:25:19:41 | document.location | tst.js:20:18:20:35 | params.get('name') |
| tst.js:23:42:23:47 | target | tst.js:23:42:23:60 | target.substring(1) |
| tst.js:23:42:23:60 | target.substring(1) | tst.js:24:18:24:41 | searchP ... 'name') |
| tst.js:27:14:27:19 | target | tst.js:29:18:29:23 | target |
| tst.js:31:5:31:21 | document.location | tst.js:31:5:31:28 | documen ... .search |
| tst.js:31:5:31:28 | documen ... .search | tst.js:27:14:27:19 | target |
| tst.js:34:10:34:26 | document.location | tst.js:34:10:34:33 | documen ... .search |
| tst.js:34:10:34:33 | documen ... .search | tst.js:37:16:37:20 | bar() |
| tst.js:34:10:34:33 | documen ... .search | tst.js:61:26:61:30 | bar() |
| tst.js:34:10:34:33 | documen ... .search | tst.js:71:16:71:20 | bar() |
| tst.js:43:20:43:36 | document.location | tst.js:43:20:43:43 | documen ... .search |
| tst.js:43:20:43:43 | documen ... .search | tst.js:43:16:43:44 | baz(doc ... search) |
| tst.js:49:21:49:37 | document.location | tst.js:49:21:49:44 | documen ... .search |
| tst.js:49:21:49:44 | documen ... .search | tst.js:49:16:49:45 | wrap(do ... search) |
| tst.js:57:21:57:37 | document.location | tst.js:57:21:57:44 | documen ... .search |
| tst.js:57:21:57:44 | documen ... .search | tst.js:57:16:57:45 | chop(do ... search) |
| tst.js:59:21:59:37 | document.location | tst.js:59:21:59:44 | documen ... .search |
| tst.js:59:21:59:44 | documen ... .search | tst.js:59:16:59:45 | chop(do ... search) |
| tst.js:61:21:61:31 | chop(bar()) | tst.js:61:16:61:32 | wrap(chop(bar())) |
| tst.js:61:26:61:30 | bar() | tst.js:61:21:61:31 | chop(bar()) |
| tst.js:63:34:63:34 | s | tst.js:65:18:65:18 | s |
| tst.js:67:25:67:41 | document.location | tst.js:67:25:67:48 | documen ... .search |
| tst.js:67:25:67:48 | documen ... .search | tst.js:63:34:63:34 | s |
| tst.js:68:25:68:41 | document.location | tst.js:68:25:68:48 | documen ... .search |
| tst.js:68:25:68:48 | documen ... .search | tst.js:63:34:63:34 | s |
| tst.js:73:1:73:27 | [,docum ... search] | tst.js:73:46:73:46 | x |
| tst.js:73:3:73:19 | document.location | tst.js:73:3:73:26 | documen ... .search |
| tst.js:73:3:73:26 | documen ... .search | tst.js:73:1:73:27 | [,docum ... search] |
| tst.js:73:46:73:46 | x | tst.js:74:7:74:7 | x |
| tst.js:74:7:74:7 | x | tst.js:76:20:76:20 | x |
| tst.js:80:49:80:65 | document.location | tst.js:80:49:80:72 | documen ... .search |
| tst.js:84:26:84:42 | document.location | tst.js:84:26:84:49 | documen ... .search |
| tst.js:85:25:85:41 | document.location | tst.js:85:25:85:48 | documen ... .search |
| tst.js:87:33:87:49 | document.location | tst.js:87:33:87:56 | documen ... .search |
| tst.js:88:32:88:48 | document.location | tst.js:88:32:88:55 | documen ... .search |
| tst.js:93:39:93:55 | document.location | tst.js:93:39:93:62 | documen ... .search |
| tst.js:99:30:99:46 | document.location | tst.js:99:30:99:53 | documen ... .search |
| tst.js:105:25:105:41 | document.location | tst.js:105:25:105:48 | documen ... .search |
| tst.js:110:7:110:44 | v | tst.js:113:18:113:18 | v |
| tst.js:110:11:110:27 | document.location | tst.js:110:11:110:34 | documen ... .search |
| tst.js:110:11:110:34 | documen ... .search | tst.js:110:11:110:44 | documen ... bstr(1) |
| tst.js:110:11:110:44 | documen ... bstr(1) | tst.js:110:7:110:44 | v |
| tst.js:145:29:145:43 | window.location | tst.js:145:29:145:50 | window. ... .search |
| tst.js:145:29:145:50 | window. ... .search | tst.js:148:29:148:29 | v |
| tst.js:148:29:148:29 | v | tst.js:148:49:148:49 | v |
| tst.js:155:40:155:54 | window.location | tst.js:155:40:155:61 | window. ... .search |
| tst.js:155:40:155:61 | window. ... .search | tst.js:152:29:152:46 | xssSourceService() |
| tst.js:174:9:174:41 | target | tst.js:177:28:177:33 | target |
| tst.js:174:18:174:34 | document.location | tst.js:174:18:174:41 | documen ... .search |
| tst.js:174:18:174:41 | documen ... .search | tst.js:174:9:174:41 | target |
| tst.js:181:9:181:42 | tainted | tst.js:183:31:183:37 | tainted |
| tst.js:181:9:181:42 | tainted | tst.js:185:42:185:48 | tainted |
| tst.js:181:9:181:42 | tainted | tst.js:186:33:186:39 | tainted |
| tst.js:181:9:181:42 | tainted | tst.js:188:54:188:60 | tainted |
| tst.js:181:9:181:42 | tainted | tst.js:189:45:189:51 | tainted |
| tst.js:181:19:181:35 | document.location | tst.js:181:19:181:42 | documen ... .search |
| tst.js:181:19:181:42 | documen ... .search | tst.js:181:9:181:42 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:196:67:196:73 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:197:67:197:73 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:200:20:200:19 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:203:27:203:26 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:233:35:233:41 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:235:20:235:26 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:237:23:237:29 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:238:23:238:29 | tainted |
| tst.js:194:9:194:42 | tainted | tst.js:252:23:252:29 | tainted |
| tst.js:194:19:194:35 | document.location | tst.js:194:19:194:42 | documen ... .search |
| tst.js:194:19:194:42 | documen ... .search | tst.js:194:9:194:42 | tainted |
| tst.js:200:20:200:19 | tainted | tst.js:201:35:201:41 | tainted |
| tst.js:200:20:200:19 | tainted | tst.js:204:38:204:44 | tainted |
| tst.js:200:20:200:19 | tainted | tst.js:205:35:205:41 | tainted |
| tst.js:201:35:201:41 | tainted | tst.js:209:28:209:46 | this.state.tainted1 |
| tst.js:203:27:203:26 | tainted | tst.js:203:46:203:52 | tainted |
| tst.js:203:46:203:52 | tainted | tst.js:210:28:210:46 | this.state.tainted2 |
| tst.js:204:38:204:44 | tainted | tst.js:211:28:211:46 | this.state.tainted3 |
| tst.js:205:35:205:41 | tainted | tst.js:215:32:215:49 | prevState.tainted4 |
| tst.js:233:35:233:41 | tainted | tst.js:222:28:222:46 | this.props.tainted1 |
| tst.js:235:20:235:26 | tainted | tst.js:223:28:223:46 | this.props.tainted2 |
| tst.js:237:23:237:29 | tainted | tst.js:224:28:224:46 | this.props.tainted3 |
| tst.js:238:23:238:29 | tainted | tst.js:228:32:228:49 | prevProps.tainted4 |
| tst.js:244:39:244:55 | props.propTainted | tst.js:248:60:248:82 | this.st ... Tainted |
| tst.js:252:23:252:29 | tainted | tst.js:244:39:244:55 | props.propTainted |
| tst.js:272:9:272:32 | loc3 | tst.js:275:7:275:10 | loc3 |
| tst.js:272:16:272:32 | document.location | tst.js:272:9:272:32 | loc3 |
| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted |
| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted |
| winjs.js:2:17:2:33 | document.location | winjs.js:2:17:2:40 | documen ... .search |
| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) |
| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted |
| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 |
| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:34:30:37 | file |
| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:33:19:33:24 | files2 |
| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:35:29:35:34 | files2 |
| xss-through-filenames.js:29:22:29:23 | [] | xss-through-filenames.js:29:13:29:23 | files2 |
| xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:25:31:28 | file |
| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:29:22:29:23 | [] |
| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 |
| xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 |
| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:35:22:35:35 | format(files2) |
#select
| xss-through-filenames.js:8:18:8:23 | files1 | xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:7:43:7:48 | files1 | stored value |
| xss-through-filenames.js:26:19:26:24 | files1 | xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:25:43:25:48 | files1 | stored value |
| xss-through-filenames.js:33:19:33:24 | files2 | xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:25:43:25:48 | files1 | stored value |
| xss-through-filenames.js:37:19:37:24 | files3 | xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:37:19:37:24 | files3 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:25:43:25:48 | files1 | stored value |
Reference in New Issue View Git Blame Copy Permalink