
Commit 41f21d4

JS: Added test case which is not flagged but should be abusing new RegExp with global flag
1 parent d6372ae commit 41f21d4

1 file changed

Lines changed: 5 additions & 1 deletion


javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js

Original file line numberDiff line numberDiff line change
@@ -327,4 +327,8 @@ function incompleteComplexSanitizers() {
327327
if (str === "\"")
328328
return """;
329329
}) + '"';
330-
}
330+
}
331+
332+
function typicalBadHtmlSanitizers(s) {
333+
s().replace(new RegExp("[<>]", "g"),''); // NOT OK -- should be not okay, but is not flagged
334+
}
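Review bot: in the new `typicalBadHtmlSanitizers(s)` the result of the `replace` call is discarded and the parameter is invoked as a function (`s().replace(...)`), which makes the case a statement with no consumer of the sanitized value; unless calling `s` is intentional, `return s.replace(new RegExp("[<>]", "g"), '');` is the shape the other sanitizer cases in this file use and keeps the case meaningful if the query is later extended to look at how the value flows. The comment `// NOT OK -- should be not okay, but is not flagged` also repeats itself; since the commit message says this case is added precisely because it is not flagged yet, say that directly, for example `// NOT OK -- known false negative: pattern built with new RegExp(..., "g") is not recognised`, so that whoever later fixes the query updates the expected results for this line deliberately instead of discovering a surprise new alert.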
