add failing test

erik-krogh · erik-krogh · commit 94870b838faf · 2023-03-03T11:08:33.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/xss-through-dom.js b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/xss-through-dom.js
@@ -146,4 +146,6 @@ const cashDom = require("cash-dom");
         }
     };
     cashDom("#id").html(DOMPurify ? DOMPurify.sanitize(src) : src); // OK
+
+    $("<a />", { html: src }).appendTo("#id"); // NOT OK - but not flagged [INCONSISTENCY]
 })();

Original file line number	Diff line number	Diff line change
`@@ -146,4 +146,6 @@ const cashDom = require("cash-dom");`
`146`	`146`	`}`
`147`	`147`	`};`
`148`	`148`	`cashDom("#id").html(DOMPurify ? DOMPurify.sanitize(src) : src); // OK`
	`149`	`+`
	`150`	`+ $("<a />", { html: src }).appendTo("#id"); // NOT OK - but not flagged [INCONSISTENCY]`
`149`	`151`	`})();`