vue3-2021-semgrep-p-typescript.txt

Authored By
sbassett
Dec 3 2021, 9:52 PM
Size
4 KB

vue3-2021-semgrep-p-typescript.txt

packages/compiler-dom/src/decodeHtmlBrowser.ts
rule:typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property: User controlled data in a `decoder` is an anti-pattern that can lead to XSS vulnerabilities Details: https://sg.run/70Zv
10: decoder.innerHTML = `<div foo="${raw.replace(/"/g, '&quot;')}">`
--------------------------------------------------------------------------------
13: decoder.innerHTML = raw
packages/reactivity/src/ref.ts
rule:typescript.react.security.audit.react-no-refs.react-no-refs: `ref` usage found, refs give direct DOM access and may create a possibility for XSS Details: https://sg.run/v0dX
75: return createRef(value, false)
--------------------------------------------------------------------------------
88: return createRef(value, true)
packages/runtime-core/__tests__/hydration.spec.ts
rule:typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property: User controlled data in a `container` is an anti-pattern that can lead to XSS vulnerabilities Details: https://sg.run/70Zv
23: container.innerHTML = html
--------------------------------------------------------------------------------
rule:typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property: User controlled data in a `teleportContainer` is an anti-pattern that can lead to XSS vulnerabilities Details: https://sg.run/70Zv
269: teleportContainer.innerHTML = teleportHtml
--------------------------------------------------------------------------------
332: teleportContainer.innerHTML = teleportHtml
--------------------------------------------------------------------------------
rule:typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property: User controlled data in a `container` is an anti-pattern that can lead to XSS vulnerabilities Details: https://sg.run/70Zv
428: container.innerHTML = await renderToString(h(App))
--------------------------------------------------------------------------------
480: container.innerHTML = await renderToString(h(App))
--------------------------------------------------------------------------------
507: container.innerHTML = await renderToString(h(App))
--------------------------------------------------------------------------------
591: container.innerHTML = await renderToString(h(App))
--------------------------------------------------------------------------------
671: container.innerHTML = html
--------------------------------------------------------------------------------
734: container.innerHTML = html
packages/runtime-core/src/renderer.ts
rule:javascript.lang.correctness.useless-eqeq.eqeq-is-bad: Detected a useless comparison operation `dynamicChildren == dynamicChildren` or `dynamicChildren != dynamicChildren`. This operation is always true. If testing for floating point NaN, use `math.isnan`, or `cmath.isnan` if the number is complex. Details: https://sg.run/Kl6n
941: } else if (!optimized && dynamicChildren == null) {
packages/runtime-dom/__tests__/nodeOps.spec.ts
rule:typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property: User controlled data in a `parent` is an anti-pattern that can lead to XSS vulnerabilities Details: https://sg.run/70Zv
43: parent.innerHTML = existing
--------------------------------------------------------------------------------
71: parent.innerHTML = existing
packages/runtime-dom/src/nodeOps.ts
rule:typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property: User controlled data in a `t` is an anti-pattern that can lead to XSS vulnerabilities Details: https://sg.run/70Zv
82: t.innerHTML = isSVG ? `<svg>${content}</svg>` : content
test-dts/defineComponent.test-d.tsx
rule:typescript.react.security.audit.react-no-refs.react-no-refs: `ref` usage found, refs give direct DOM access and may create a possibility for XSS Details: https://sg.run/v0dX
263: <MyComponent
264: a={1}
265: b="b"
266: bb="bb"
267: e={() => {}}
268: cc={['cc']}
269: dd={{ n: 1 }}
270: ee={() => 'ee'}
271: ccc={['ccc']}
272: ddd={['ddd']}
-------- [hid 13 additional lines, adjust with --max-lines-per-finding] --------
test-dts/functionalComponent.test-d.tsx
rule:typescript.react.security.audit.react-no-refs.react-no-refs: `ref` usage found, refs give direct DOM access and may create a possibility for XSS Details: https://sg.run/v0dX
16:expectType<JSX.Element>(<Foo foo={1} ref="ref" />)
test-dts/tsx.test-d.tsx
rule:typescript.react.security.audit.react-no-refs.react-no-refs: `ref` usage found, refs give direct DOM access and may create a possibility for XSS Details: https://sg.run/v0dX
31:expectType<JSX.Element>(<div ref="bar" />)

File Metadata

Mime Type
text/plain
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
9278115