Update RequestForgeryBad.js

Author: mattrothenberg

javascript/ql/src/Security/CWE-918/examples/RequestForgeryBad.js

@@ -1,7 +1,7 @@
 import http from 'http';
 
 const server = http.createServer(function(req, res) {
-    const target = new URL(req.url).searchParams.get("target");
+    const target = new URL(req.url, "http://example.com").searchParams.get("target");
 
     // BAD: `target` is controlled by the attacker
     http.get('https://' + target + ".example.com/data/", res => {