hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-26 15:17:06 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
f8bccf91b684bbcc396f4228b3fdf1a9babd8cbf
codeql/javascript/ql/test
History
Chad Bentz 9bffcf81b5 JavaScript: Recognize Angular @HostListener('window:message') as a postMessage handler 
Angular registers window message handlers via the
@HostListener('window:message', ['\']) decorator rather than
window.addEventListener('message', ...). The PostMessageEventHandler class
only modeled the addEventListener and window.onmessage forms, so the decorated
handler's event parameter was never treated as a message source. As a result,
js/missing-origin-check produced no alert and the event was not a client-side
remote flow source for downstream queries (e.g. client-side URL redirection).

Extend PostMessageEventHandler to also recognize methods decorated with
@HostListener for 'window:message', 'document:message', or 'message'.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-22 21:21:15 -04:00
..
ApiGraphs
JS: Localize charpred of API::EntryPoint
2026-01-07 11:05:41 +01:00
experimental
Refine SystemPromptInjection alert message and move test to stable
2026-06-11 11:51:25 +02:00
library-tests
Merge branch 'main' into add-yaml-comments
2026-06-17 10:17:06 +01:00
query-tests
JavaScript: Recognize Angular @HostListener('window:message') as a postMessage handler
2026-06-22 21:21:15 -04:00
Security/CWE-1427
JS: Add and reclassify prompt-injection sinks for AI SDKs
2026-06-18 17:32:10 +03:00
tutorials
Use more flowTo.
2025-12-03 14:12:08 +01:00
.project
.qlpath
format.json
qlpack.lock.yml
Packaging: Rafactor Javascript core libraries
2021-08-25 12:15:56 -07:00
qlpack.yml
JS: Add InlineExpectationsTest
2024-01-30 13:20:57 +01:00