32 lines
805 B
Plaintext
32 lines
805 B
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
// === Server side ===
|
|
|
|
var xpath = require('xpath');
|
|
var xmldom = require('xmldom');
|
|
|
|
var doc = new xmldom.DOMParser().parseFromString(xml);
|
|
var nodes = xpath.select(userinput, doc); // Sensitive
|
|
var node = xpath.select1(userinput, doc); // Sensitive
|
|
----
|
|
|
|
----
|
|
// === Client side ===
|
|
|
|
// Chrome, Firefox, Edge, Opera, and Safari use the evaluate() method to select nodes:
|
|
var nodes = document.evaluate(userinput, xmlDoc, null, XPathResult.ANY_TYPE, null); // Sensitive
|
|
|
|
// Internet Explorer uses its own methods to select nodes:
|
|
var nodes = xmlDoc.selectNodes(userinput); // Sensitive
|
|
var node = xmlDoc.SelectSingleNode(userinput); // Sensitive
|
|
----
|
|
|
|
include::../see.adoc[]
|