javascript/frameworks/ui5
lib/advanced_security/javascript/frameworks/ui5/dataflow
test/queries/UI5Xss/xss-book-example Expand file tree Collapse file tree 2 files changed +2
-8
lines changed Original file line number Diff line number Diff line change @@ -66,14 +66,7 @@ class LocalModelContentBoundBidirectionallyToHtmlISinkControl extends DomBasedXs
6666 */
6767class LocalModelStringPropertySource extends DomBasedXss:: Source {
6868 LocalModelStringPropertySource ( ) {
69- exists ( UI5BindingPath bindingPath |
70- this =
71- bindingPath
72- .getControlDeclaration ( )
73- .getDefinition ( )
74- .getMetadata ( )
75- .getProperty ( bindingPath .getPropertyName ( ) )
76- )
69+ this = any ( PropertyMetadata propMeta | propMeta .isUnrestrictedStringType ( ) )
7770 }
7871}
7972
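Review bot: The new characteristic predicate on line 69 drops the binding-path constraint, so every `PropertyMetadata` for which `isUnrestrictedStringType()` holds becomes a `DomBasedXss::Source`, whether or not that property is ever bound to a local model. The class is still named `LocalModelStringPropertySource`, and its doc comment (which ends on line 66 and starts outside this hunk) may still describe the old binding-based definition. It should state the new intent, for example `Any control property declared with an unrestricted string type; treated as a source because its value can be set from outside the control.` The updated expected output in the test section shows the effect: the `{ type: "string" }` declaration in Book.js is now reported as a "user-provided value", which will probably read as a false positive during triage. Consider either keeping the binding check as an extra conjunct or giving this source kind its own alert wording.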
Original file line number Diff line number Diff line change 1313| webapp/controls/Book.js:133:8:133:26 | oControl.getTitle() | webapp/controls/Book.js:132:7:134:15 | "<div>T ... </div>" |
1414#select
1515| webapp/controls/Book.js:132:7:134:15 | "<div>T ... </div>" | webapp/controller/App.Controller.js:23:25:23:47 | oSearch ... Value() | webapp/controls/Book.js:132:7:134:15 | "<div>T ... </div>" | XSS vulnerability due to $@. | webapp/controller/App.Controller.js:23:25:23:47 | oSearch ... Value() | user-provided value |
16+ | webapp/controls/Book.js:132:7:134:15 | "<div>T ... </div>" | webapp/controls/Book.js:17:13:17:30 | { type: "string" } | webapp/controls/Book.js:132:7:134:15 | "<div>T ... </div>" | XSS vulnerability due to $@. | webapp/controls/Book.js:17:13:17:30 | { type: "string" } | user-provided value |