You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: javascript/ql/src/Security/CWE-116/BadTagFilter.qhelp
+4-5Lines changed: 4 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -5,8 +5,8 @@
5
5
6
6
<overview>
7
7
<p>
8
-
Parsing general HTML using regular expressions is impossible, however it is possible to match
9
-
single HTML tags. However, if the regexp is not written well it might be easy
8
+
It is possible to match some single HTML tags using regular expressions (parsing general HTML using
9
+
regular expressions is impossible). However, if the regexp is not written well it might be easy
10
10
to circumvent the regexp, which can lead to XSS or other security issues.
11
11
</p>
12
12
<p>
@@ -25,14 +25,13 @@ likely to handle corner cases correctly than a custom implementation.
25
25
26
26
<example>
27
27
<p>
28
-
For example, assume we want to write a function that filters out all <code><script></code> tags.
29
-
Such a function might be written like below:
28
+
The following example attempts to filters out all <code><script></code> tags.
30
29
</p>
31
30
32
31
<samplesrc="examples/BadTagFilter.js" />
33
32
34
33
<p>
35
-
This sanitizer does not filter out all <code><script></code> tags.
34
+
The above sanitizer does not filter out all <code><script></code> tags.
36
35
Browsers will not only accept <code></script></code> as script end tags, but also tags such as <code></script foo="bar"></code> even though it is a parser error.
37
36
This means that an attack string such as <code><script>alert(1)</script foo="bar"></code> will not be filtered by
38
37
the function, but <code>alert(1)</code> will be executed by a browser if the string is rendered as HTML.
Copy file name to clipboardExpand all lines: python/ql/src/Security/CWE-116/BadTagFilter.qhelp
+4-5Lines changed: 4 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -5,8 +5,8 @@
5
5
6
6
<overview>
7
7
<p>
8
-
Parsing general HTML using regular expressions is impossible, however it is possible to match
9
-
single HTML tags. However, if the regexp is not written well it might be easy
8
+
It is possible to match some single HTML tags using regular expressions (parsing general HTML using
9
+
regular expressions is impossible). However, if the regexp is not written well it might be easy
10
10
to circumvent the regexp, which can lead to XSS or other security issues.
11
11
</p>
12
12
<p>
@@ -25,14 +25,13 @@ likely to handle corner cases correctly than a custom implementation.
25
25
26
26
<example>
27
27
<p>
28
-
For example, assume we want to write a function that filters out all <code><script></code> tags.
29
-
Such a function might be written like below:
28
+
The following example attempts to filters out all <code><script></code> tags.
30
29
</p>
31
30
32
31
<samplesrc="examples/BadTagFilter.py" />
33
32
34
33
<p>
35
-
This sanitizer does not filter out all <code><script></code> tags.
34
+
The above sanitizer does not filter out all <code><script></code> tags.
36
35
Browsers will not only accept <code></script></code> as script end tags, but also tags such as <code></script foo="bar"></code> even though it is a parser error.
37
36
This means that an attack string such as <code><script>alert(1)</script foo="bar"></code> will not be filtered by
38
37
the function, but <code>alert(1)</code> will be executed by a browser if the string is rendered as HTML.
0 commit comments