# JavaScript: sources = user-manipulable (headers, cookies, query, body, URL, etc.)
# Source/sink/sanitizer name lists for JavaScript, presumably consumed by a
# taint (data-flow) scanner: data reaching a `sources` expression is treated as
# attacker-controlled, reaching a `sinks` expression is reported, and passing
# through a `sanitizers` expression clears the taint. Entries are plain name
# patterns; a trailing `*` appears to be a wildcard (likely prefix match) --
# NOTE(review): confirm the exact matching semantics against the consuming tool.
sources:
# URL / query / path / hash (browser)
- "document.location"
- "document.URL"
- "document.referrer"
- "window.location*"
- "location.search"
- "location.hash"
- "location.pathname"
# Express / Node: query, params, body
- "req.query"
- "req.params"
- "req.body"
- "req.query*"
- "req.params*"
# HTTP headers (Cookie, Authorization, X-*, etc.)
# `req.get` / `req.header` are the Express header accessors; they return
# attacker-controlled strings regardless of the header name requested.
- "req.headers*"
- "req.get"
- "req.header"
- "request.headers*"
# Cookies
- "req.cookies"
- "req.signedCookies"
- "document.cookie"
# Request body / raw
- "request.query*"
- "request.body*"
- "request.rawBody"
# User input (browser)
# NOTE(review): `input` is a very generic identifier and will match any variable
# or property of that name, so expect false positives; `confirm` yields a
# boolean rather than attacker-supplied text, so its value as a source is limited.
- "input"
- "prompt"
- "confirm"
# WebSocket / SSE (client-sent data)
- "message.data"
- "event.data"
# Dangerous destinations for tainted data. Groups: code execution (eval,
# Function, timers), HTML injection / DOM XSS (document.write*, *HTML), OS
# command execution (child_process family), and dynamic module loading.
# NOTE(review): `setTimeout` / `setInterval` only execute code when handed a
# string, and `require` is only a sink when its argument is dynamic -- a scanner
# that cannot see the argument type will flag the common safe usages too.
sinks:
- "eval"
- "Function"
- "setTimeout"
- "setInterval"
- "document.write"
- "document.writeln"
- "innerHTML"
- "outerHTML"
- "insertAdjacentHTML"
- "exec"
- "execSync"
- "spawn"
- "execFile"
- "child_process*"
- "require"
# Functions/targets that clear taint. These are context-specific:
# `encodeURI` / `encodeURIComponent` neutralise data only in a URL context, not
# when the result lands in innerHTML, eval, or a shell command; `textContent`
# and `createTextNode` are safe DOM write targets rather than transforming
# functions, so treating them as sanitizers assumes the value is not later
# re-read into an HTML sink.
# NOTE(review): `escape` is a bare name that matches both the legacy global
# `escape()` (percent-encoding, not an HTML encoder) and library helpers such as
# `_.escape` (HTML encoding) -- confirm which one the consumer intends before
# relying on it to suppress findings.
sanitizers:
- "escape"
- "encodeURI"
- "encodeURIComponent"
- "textContent"
- "createTextNode"