include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
----
// === Server side ===
// XPath evaluator from npm; the `select`/`select1` calls below receive the expression as a plain string.
var xpath = require('xpath');
// DOM implementation the XPath expressions are evaluated against.
// NOTE(review): the unscoped `xmldom` package is deprecated on npm in favour of
// `@xmldom/xmldom` — confirm which one the project actually depends on.
var xmldom = require('xmldom');
// Parse the XML into a DOM; `xml` is not defined in this snippet, so nothing here
// says whether the document itself is trusted — only the query string is the concern.
var doc = new xmldom.DOMParser().parseFromString(xml);
// Sensitive: `userinput` is evaluated as the whole XPath expression, so whoever
// controls it controls which nodes of `doc` come back (XPath injection — e.g. a
// value like `' or '1'='1` rewrites a predicate).
// Fix direction: keep the expression static and bind the user value as a variable,
// or validate the value against a strict allow-list before building the query.
var nodes = xpath.select(userinput, doc); // Sensitive
// Sensitive: same issue; `select1` differs only in its return shape (a single node,
// presumably the first match).
var node = xpath.select1(userinput, doc); // Sensitive
----
----
// === Client side ===
// Chrome, Firefox, Edge, Opera, and Safari use the evaluate() method to select nodes:
// Sensitive: the standard DOM XPath API evaluates `userinput` as the full expression.
// NOTE(review): client-side injection only matters when `xmlDoc` holds data the user
// was not meant to be able to select (e.g. a hard-coded predicate was supposed to
// scope the query to their own records); confirm the data flow before reporting.
var nodes = document.evaluate(userinput, xmlDoc, null, XPathResult.ANY_TYPE, null); // Sensitive
// Internet Explorer uses its own methods to select nodes:
// Sensitive: MSXML's selectNodes takes the raw expression string, exactly like evaluate() above.
var nodes = xmlDoc.selectNodes(userinput); // Sensitive
// Sensitive: single-node variant of the call above, same injection surface.
// NOTE(review): written as `SelectSingleNode` here while MSXML documents it as
// `selectSingleNode`; IE's COM dispatch is presumably case-insensitive so both resolve,
// but a case-sensitive DOM wrapper would only accept the lower-case form — confirm.
var node = xmlDoc.SelectSingleNode(userinput); // Sensitive
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
'''
== Comments And Links
(visible only on this page)
include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]