KEMBAR78
Experimental query: ClipboardBasedXss by bananabr · Pull Request #6498 · github/codeql · GitHub
Skip to content

Experimental query: ClipboardBasedXss #6498

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 31, 2021
Merged

Experimental query: ClipboardBasedXss #6498

merged 4 commits into from
Aug 31, 2021

Conversation

@bananabr
Copy link
Contributor

This query looks for potential DomBasedXSS vulnerabilities whose source is the clipboard API. This source is not currently covered by the official XSS queries.

@bananabr bananabr requested a review from a team as a code owner August 17, 2021 18:07
@bananabr bananabr mentioned this pull request Aug 17, 2021
Closed
1 task
asgerf
asgerf reviewed Aug 18, 2021
View reviewed changes
Copy link
Contributor

@asgerf asgerf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the submission! Just a quick comment for now; a proper review will come later.

asgerf
asgerf reviewed Aug 24, 2021
View reviewed changes
Copy link
Contributor

@asgerf asgerf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again for the submission @bananabr 👍

We'd be happy to merge the query like this. In the future we will most likely move the clipboard source into the js/xss-through-dom query.

bananabr and others added 2 commits August 25, 2021 09:40
@bananabr @asgerf
Update javascript/ql/src/experimental/Security/CWE-079/ClipboardXss.ql
cd40de7 
Typo fix

Co-authored-by: Asger F <asgerf@github.com>
@bananabr
Remove unncessary results
b8ce5a6 
Simplifies query to improve performance by removing unnecessary results.
asgerf
asgerf approved these changes Aug 31, 2021
View reviewed changes
Copy link
Contributor

@asgerf asgerf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@codeql-ci codeql-ci merged commit cf9ab83 into github:main Aug 31, 2021
@erik-krogh erik-krogh mentioned this pull request Sep 13, 2021
Merged
@intrigus-lgtm intrigus-lgtm mentioned this pull request Dec 7, 2021
Closed
1 task
perovovao
perovovao reviewed Dec 15, 2021
View reviewed changes
Copy link

@perovovao perovovao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • [ ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@asgerf asgerf asgerf approved these changes

+1 more reviewer

@perovovao perovovao perovovao left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

documentation JS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bananabr @asgerf @perovovao @codeql-ci