add more attributes potentially vulnerable to xss-through-dom

erik-krogh · erik-krogh · commit 73b0aa4004fe · 2020-04-20T13:29:00.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/XssThroughDom.qll b/javascript/ql/src/semmle/javascript/security/dataflow/XssThroughDom.qll
@@ -44,7 +44,8 @@ module XssThroughDom {
   bindingset[result]
   string unsafeAttributeName() {
     result.regexpMatch("data-.*") or
-    result = ["name", "value"]
+    result.regexpMatch("aria-.*") or
+    result = ["name", "value", "title", "alt"]
   }
 
   /**

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,8 @@ module XssThroughDom {`
`44`	`44`	`bindingset[result]`
`45`	`45`	`string unsafeAttributeName() {`
`46`	`46`	`result.regexpMatch("data-.*") or`
`47`		`- result = ["name", "value"]`
	`47`	`+ result.regexpMatch("aria-.*") or`
	`48`	`+ result = ["name", "value", "title", "alt"]`
`48`	`49`	`}`
`49`	`50`
`50`	`51`	`/**`