mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
18 lines
788 B
JavaScript
18 lines
788 B
JavaScript
function test() {
|
|
var tainted = document.location.search
|
|
|
|
$(tainted); // OK - location.search starts with '?'
|
|
$("body", tainted); // OK
|
|
$("." + tainted); // OK
|
|
$("<div id=\"" + tainted + "\">"); // NOT OK
|
|
$("body").html("XSS: " + tainted); // NOT OK
|
|
$(window.location.hash); // OK - location.hash starts with '#'
|
|
$("<b>" + location.toString() + "</b>"); // NOT OK
|
|
|
|
// Not related to jQuery, but the handling of $() should not affect this sink
|
|
let elm = document.getElementById('x');
|
|
elm.innerHTML = decodeURIComponent(window.location.hash); // NOT OK
|
|
elm.innerHTML = decodeURIComponent(window.location.search); // NOT OK
|
|
elm.innerHTML = decodeURIComponent(window.location.toString()); // NOT OK
|
|
}
|