Closed pwnetrationguru closed 3 years ago
Relating to our action attribute rule, ScanJS misses:
var a=document.createElement("div"); a.innerHTML="<form action='demo.asp'></form>"; document.body.appendChild(a);
We do not flag this because innerHTML is assigned from a static string.
We should flag this because we are building a <form> with the action attribute.
<form>
action
Relating to our action attribute rule, ScanJS misses:
We do not flag this because innerHTML is assigned from a static string.
We should flag this because we are building a
<form>with theactionattribute.