@@ -15,20 +15,23 @@ import javascript
1515import semmle.javascript.HTML
1616
1717bindingset [ host]
18- predicate isAllowedHost ( string host ) { host .toLowerCase ( ) .regexpMatch ( "localhost(:[0-9]+)?/.*" ) }
18+ predicate isLocalhostPrefix ( string host ) {
19+ host .toLowerCase ( )
20+ .regexpMatch ( [
21+ "localhost(:[0-9]+)?/.*" , "127.0.0.1(:[0-9]+)?/.*" , "::1/.*" , "\\[::1\\]:[0-9]+/.*"
22+ ] )
23+ }
1924
2025bindingset [ path]
2126predicate isUntrustedSourcePath ( string path ) {
2227 path .substring ( 0 , 2 ) = "//"
2328 or
2429 exists ( string hostPath | hostPath = path .regexpCapture ( "http://(.*)" , 1 ) |
25- not isAllowedHost ( hostPath )
30+ not isLocalhostPrefix ( hostPath )
2631 )
2732}
2833
2934abstract class IncludesUntrustedContent extends HTML:: Element {
30- IncludesUntrustedContent ( ) { this = this }
31-
3235 /** Gets an explanation why this source is untrusted. */
3336 abstract string getProblem ( ) ;
3437}
@@ -41,17 +44,17 @@ class ScriptElementWithUntrustedContent extends IncludesUntrustedContent, HTML::
4144 }
4245
4346 override string getProblem ( ) {
44- result = "script elements should use an https link and/or use the integrity attribute"
47+ result = "script elements should use an HTTPS url and/or use the integrity attribute"
4548 }
4649}
4750
4851/** An iframe element that includes untrusted content. */
4952class IframeElementWithUntrustedContent extends HTML:: IframeElement , IncludesUntrustedContent {
5053 IframeElementWithUntrustedContent ( ) { isUntrustedSourcePath ( this .getSourcePath ( ) ) }
5154
52- override string getProblem ( ) { result = "iframe elements should use an https link " }
55+ override string getProblem ( ) { result = "iframe elements should use an HTTPS url " }
5356}
5457
5558from IncludesUntrustedContent s , string problem
5659where problem = s .getProblem ( )
57- select s , "HTML-element imports untrusted content (" + problem + ")"
60+ select s , "HTML-element uses untrusted content (" + problem + ")"
0 commit comments