Skip to content

Commit cb7de27

Browse files
erik-krogherik-krogh
committed
add onmessage handlers registered using global property as PostMessageEventHandler 
1 parent 283be19 commit cb7de27

File tree

1 file changed

+5
-0
lines changed
  • javascript/ql/src/semmle/javascript/security/dataflow

1 file changed

+5
-0
lines changed

javascript/ql/src/semmle/javascript/security/dataflow/DOM.qll

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -199,6 +199,11 @@ class PostMessageEventHandler extends Function {
199199
addEventListener.getArgument(0).mayHaveStringValue("message") and
200200
addEventListener.getArgument(1).getABoundFunctionValue(paramIndex).getFunction() = this
201201
)
202+
or
203+
exists(DataFlow::Node rhs |
204+
rhs = DataFlow::globalObjectRef().getAPropertyWrite("onmessage").getRhs() and
205+
rhs.getABoundFunctionValue(paramIndex).getFunction() = this
206+
)
202207
}
203208

204209
/**

0 commit comments

Comments
 (0)