Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity
    • Default Quality Profiles:
      Sonar way, Sonar way recommended

      Description

      Sensitive Code Example

      // === Server side ===
      
      var xpath = require('xpath');
      var xmldom = require('xmldom');
      
      var doc = new xmldom.DOMParser().parseFromString(xml);
      var nodes = xpath.select(userinput, doc); // Sensitive
      var node = xpath.select1(userinput, doc); // Sensitive
      
      // === Client side ===
      
      // Chrome, Firefox, Edge, Opera, and Safari use the evaluate() method to select nodes:
      var nodes = document.evaluate(userinput, xmlDoc, null, XPathResult.ANY_TYPE, null); // Sensitive
      
      // Internet Explorer uses its own methods to select nodes:
      var nodes = xmlDoc.selectNodes(userinput); // Sensitive
      var node = xmlDoc.selectSingleNode(userinput); // Sensitive
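
A compliant counterpart to the sensitive calls above, as an added example that is not part of the original rule text: the expression comes from fixed templates, and user input enters it only as a quoted string literal or a validated integer. The names `xpathLiteral`, `toInteger`, `QUERIES`, `buildQuery` and the `/users/user` document shape are assumptions made for this example.

```javascript
// Added example (not from the rule text): user input is data, never the expression.

// XPath 1.0 string literals have no escape character, so a value that
// contains both quote kinds has to be assembled with concat().
function xpathLiteral(value) {
  const s = String(value);
  if (!s.includes("'")) return "'" + s + "'";
  if (!s.includes('"')) return '"' + s + '"';
  // Wrap each piece between single quotes in '...', and put the single
  // quotes themselves back as the double-quoted literal "'".
  const parts = s.split("'").map((p) => "'" + p + "'");
  return 'concat(' + parts.join(', "\'", ') + ')';
}

// Numeric parameters are validated and converted, not quoted.
function toInteger(value) {
  const s = String(value);
  if (!/^\d{1,9}$/.test(s)) throw new TypeError('expected a non-negative integer');
  return Number(s);
}

// Fixed, developer-written templates (hypothetical document shape).
const QUERIES = {
  userByName: (p) => '/users/user[name=' + xpathLiteral(p.name) + ']',
  userById: (p) => '/users/user[@id=' + toInteger(p.id) + ']',
};

// The caller selects a template by key; unknown keys are rejected.
function buildQuery(key, params) {
  if (!Object.prototype.hasOwnProperty.call(QUERIES, key)) {
    throw new RangeError('unknown query: ' + key);
  }
  return QUERIES[key](params);
}

// With the server-side code from the page:
//   var nodes = xpath.select(buildQuery('userByName', { name: userinput }), doc);
```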
      

            People

            • Assignee:
              Unassigned
            • Reporter:
              lars.svensson Lars Svensson (Inactive)