
Commit 89f3b6f

Browse files
committed
JS: Added test case for bad sanitizer with unknown flags, currently not flagged.
1 parent 38be0e4 commit 89f3b6f

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

  • javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization

javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/tst.js

@@ -332,3 +332,7 @@ function incompleteComplexSanitizers() {
332332
function typicalBadHtmlSanitizers(s) {
333333
s().replace(new RegExp("[<>]", "g"),''); // NOT OK
334334
}
335+
336+
function typicalBadHtmlSanitizers(s) {
337+
s().replace(new RegExp("[<>]", unknown()),''); // NOT OK -- should be flagged, because it is st ill a bad sanitizer
338+
}
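Review bot: the added function at line 336 reuses the name `typicalBadHtmlSanitizers` already declared at line 333, so in a script the second declaration shadows the first; give it a distinct name (for example `typicalBadHtmlSanitizersUnknownFlags`) so the two cases stay separately identifiable in the test output. The comment at line 337 also has a typo (`st ill` for `still`), and since the commit message says this case is currently not flagged, its `// NOT OK` marker will not line up with the query's actual results until the query is changed; stating that in the comment (e.g. `// NOT OK -- currently not flagged`) would keep the mismatch from being mistaken for a passing case.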
