
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
// === Server side ===
// Illustrates the pattern to look for: a caller-supplied string is handed to the
// XPath engine as the expression itself. `xml` and `userinput` are not defined in
// this snippet; `userinput` is assumed to be request-derived data.
|
|
|
|
// Third-party modules: `xpath` evaluates the expressions, `xmldom` supplies the DOM parser.
// NOTE(review): the unscoped `xmldom` package has been superseded by `@xmldom/xmldom`;
// confirm which package name this sample should show.
var xpath = require('xpath');
|
|
var xmldom = require('xmldom');
|
|
|
|
// Parse the XML text into the document that the queries below run against.
var doc = new xmldom.DOMParser().parseFromString(xml);
|
|
// The first argument is the XPath expression. Because it is `userinput` verbatim,
// whoever supplies that string decides which nodes of `doc` are selected.
// Review point: prefer a constant expression, with user data bound as a variable
// or validated against an allow-list before it reaches this call.
var nodes = xpath.select(userinput, doc); // Sensitive
|
|
// Single-result variant of the call above; the expression is user-controlled in the same way.
var node = xpath.select1(userinput, doc); // Sensitive
|
|
----
|
|
|
|
----
|
|
// === Client side ===
// Same pattern in the browser: `userinput` (not defined in this snippet) is used as
// the XPath expression evaluated against `xmlDoc`.
// The statements below are presumably per-browser alternatives rather than one
// script, which is why `nodes` is declared twice.
|
|
|
|
// Chrome, Firefox, Edge, Opera, and Safari use the evaluate() method to select nodes:
|
|
// The first argument of document.evaluate() is the expression; `xmlDoc` is the context node.
var nodes = document.evaluate(userinput, xmlDoc, null, XPathResult.ANY_TYPE, null); // Sensitive
|
|
|
|
// Internet Explorer uses its own methods to select nodes:
|
|
// The expression is the only argument and is user-controlled here as well.
var nodes = xmlDoc.selectNodes(userinput); // Sensitive
|
|
// NOTE(review): MSXML documents this method as `selectSingleNode` (lower-case "s");
// confirm the capitalisation used in this sample.
var node = xmlDoc.SelectSingleNode(userinput); // Sensitive
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== on 8 Dec 2018, 18:45:36 Lars Svensson wrote:
|
|
https://www.npmjs.com/package/xpath is currently the most popular module providing xpath functionality, with ~256k downloads/week.
|
|
|
|
|
|
https://developer.mozilla.org/en-US/docs/Web/API/Document/evaluate
|
|
|
|
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|