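--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/FILE-NAME-NOT-SHOWN-ON-PAGE
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/FILE-NAME-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,42 @@
+import { useQueries } from '@tanstack/react-query' ;
+
+const fetchRepoData = async ( ) => {
+const response = await fetch ( 'https://example.com' ) ; // $ MISSING: Source
+return response . json ( ) ;
+} ;
+
+async function fetchPost ( ) {
+const response = await fetch ( "www.example.com" ) ; // $ MISSING: Source
+return response . json ( ) ;
+}
+
+export default function UseQueriesComponent ( ) {
+const results = useQueries ( {
+queries : [
+{
+queryKey : [ 'repoData' ] ,
+queryFn : fetchRepoData ,
+} ,
+{
+queryKey : [ 'repoData' ] ,
+queryFn : ( ) => fetchPost ,
+} ,
+] ,
+} ) ;
+
+const repoQuery = results [ 0 ] ;
+
+if ( repoQuery . isLoading ) return < p > Loading...</ p > ;
+if ( repoQuery . isError ) return < p > Error: { repoQuery . error . message } </ p > ;
+
+return (
+< div >
+< h1 > Content with Dangerous HTML</ h1 >
+< div
+dangerouslySetInnerHTML = { {
+__html : repoQuery . data , // $ MISSING: Alert
+} }
+/>
+</ div >
+) ;
+}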
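Review bot: The second query on file line 22 uses `queryFn : ( ) => fetchPost`, which returns the function object instead of calling it, so the `fetch` response inside `fetchPost` never becomes query data. Only `results [ 0 ]` is rendered through `dangerouslySetInnerHTML`, so the `// $ MISSING: Source` on file line 9 appears to describe a flow with no sink; if that reading of the expectation comments is right, it would stay unsatisfied even once `useQueries` is modelled. Consider `queryFn : fetchPost ,` (or `( ) => fetchPost ( )`) and a second sink that renders `results [ 1 ] . data`, so each expected source pairs with an expected alert. Both queries also share `queryKey : [ 'repoData' ]`; a distinct key such as `[ 'postData' ]` would keep the two flows unambiguous. A short header comment stating that the case covers response data from `fetch` reaching an HTML sink via `useQueries` would help the next maintainer.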